Dump Credentials from Windows Credential Manager With PowerShell (99c49d9c-34ea-45f7-84a7-4751ae6b2cbc)

Adversaries may search for common password storage locations to obtain user credentials. Passwords are stored in several places on a system, depending on the operating system or application holding the credentials.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Dump Credentials from Windows Credential Manager With PowerShell (99c49d9c-34ea-45f7-84a7-4751ae6b2cbc) | Sigma-Rules | Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) | Attack Pattern | 1 |