Skip to content

Hide Navigation Hide TOC

Extracting Information with PowerShell (bd5971a7-626d-46ab-8176-ed643f694f68)

Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords.

Cluster A Galaxy A Cluster B Galaxy B Level
Extracting Information with PowerShell (bd5971a7-626d-46ab-8176-ed643f694f68) Sigma-Rules Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 1
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2