| description |
|---|
ATT&CK ID: T1552
Description
Adversaries may search compromised systems to find and obtain insecurely stored credentials. These credentials can be stored and/or misplaced in many locations on a system, including plaintext files (e.g. Bash History), operating system or application-specific repositories (e.g. Credentials in Registry), or other specialized files/artifacts (e.g. Private Keys).
{% content-ref url="credentials-in-files.md" %} credentials-in-files.md {% endcontent-ref %}
{% content-ref url="credentials-in-registry.md" %} credentials-in-registry.md {% endcontent-ref %}
{% content-ref url="group-policy-preferences/" %} group-policy-preferences {% endcontent-ref %}