| Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) |
Attack Pattern |
1 |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
AS-REP Roasting - T1558.004 (3986e7fd-a8e9-4ecb-bfc6-55920855912b) |
Attack Pattern |
1 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) |
Attack Pattern |
1 |
| Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) |
Attack Pattern |
1 |
| Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) |
Attack Pattern |
1 |
| SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5) |
Attack Pattern |
1 |
| Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) |
Attack Pattern |
1 |
| Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
1 |
| Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Patch System Image - T1601.001 (d245808a-7086-4310-984a-a84aaaa43f8f) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21) |
Attack Pattern |
1 |
| LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Reversible Encryption - T1556.005 (d50955c2-272d-4ac8-95da-10c29dda1c48) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Downgrade System Image - T1601.002 (fc74ba38-dc98-461f-8611-b3dbf9978e3d) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
SSH Hijacking - T1563.001 (4d2a5b3e-340d-4600-9123-309dd63c9bf8) |
Attack Pattern |
1 |
| Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) |
Attack Pattern |
1 |
| Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
1 |
| Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
1 |
| Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
Network Address Translation Traversal - T1599.001 (4ffc1794-ec3b-45be-9e52-42dbcb2af2de) |
Attack Pattern |
1 |
| Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
Network Boundary Bridging - T1599 (b8017880-4b1e-42de-ad10-ae7ac6705166) |
Attack Pattern |
1 |
| Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) |
Attack Pattern |
1 |
| Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Credential Stuffing - T1110.004 (b2d03cea-aec1-45ca-9744-9ee583c1e1cc) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Forced Authentication - T1187 (b77cf5f3-6060-475d-bd60-40ccbf28fdc2) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) |
Attack Pattern |
Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
1 |
| Password Policies - M1027 (90c218c3-fbf8-4830-98a7-e8cfb7eaa485) |
Course of Action |
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) |
Attack Pattern |
1 |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) |
Attack Pattern |
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
2 |
| AS-REP Roasting - T1558.004 (3986e7fd-a8e9-4ecb-bfc6-55920855912b) |
Attack Pattern |
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) |
Attack Pattern |
2 |
| Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) |
Attack Pattern |
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) |
Attack Pattern |
2 |
| NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
2 |
| DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
2 |
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) |
Attack Pattern |
Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) |
Attack Pattern |
2 |
| Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) |
Attack Pattern |
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) |
Attack Pattern |
2 |
| /etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
2 |
| SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) |
Attack Pattern |
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
2 |
| Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
2 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) |
Attack Pattern |
2 |
| Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
2 |
| Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) |
Attack Pattern |
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
2 |
| Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754) |
Attack Pattern |
Patch System Image - T1601.001 (d245808a-7086-4310-984a-a84aaaa43f8f) |
Attack Pattern |
2 |
| Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21) |
Attack Pattern |
2 |
| LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
2 |
| Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) |
Attack Pattern |
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) |
Attack Pattern |
2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Reversible Encryption - T1556.005 (d50955c2-272d-4ac8-95da-10c29dda1c48) |
Attack Pattern |
2 |
| Modify System Image - T1601 (ae7f3575-0a5e-427e-991b-fe03ad44c754) |
Attack Pattern |
Downgrade System Image - T1601.002 (fc74ba38-dc98-461f-8611-b3dbf9978e3d) |
Attack Pattern |
2 |
| LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) |
Attack Pattern |
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
2 |
| Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5) |
Attack Pattern |
SSH Hijacking - T1563.001 (4d2a5b3e-340d-4600-9123-309dd63c9bf8) |
Attack Pattern |
2 |
| OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) |
Attack Pattern |
2 |
| Network Boundary Bridging - T1599 (b8017880-4b1e-42de-ad10-ae7ac6705166) |
Attack Pattern |
Network Address Translation Traversal - T1599.001 (4ffc1794-ec3b-45be-9e52-42dbcb2af2de) |
Attack Pattern |
2 |
| Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) |
Attack Pattern |
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) |
Attack Pattern |
2 |
| Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) |
Attack Pattern |
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) |
Attack Pattern |
2 |
| Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) |
Attack Pattern |
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) |
Attack Pattern |
2 |
| Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) |
Attack Pattern |
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) |
Attack Pattern |
2 |
| Credential Stuffing - T1110.004 (b2d03cea-aec1-45ca-9744-9ee583c1e1cc) |
Attack Pattern |
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) |
Attack Pattern |
2 |
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) |
Attack Pattern |
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) |
Attack Pattern |
2 |
| Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) |
Attack Pattern |
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) |
Attack Pattern |
2 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) |
Attack Pattern |
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) |
Attack Pattern |
2 |