|
1
|
/etc/passwd and /etc/shadow
|
|
2
|
ARP Cache Poisoning
|
|
3
|
AS-REP Roasting
|
|
38
|
Bash History
|
|
48
|
Brute Force
|
|
55
|
Cached Domain Credentials
|
|
67
|
Cloud Instance Metadata API
|
|
90
|
Container API
|
|
100
|
Credential API Hooking
|
|
101
|
Credential Stuffing
|
|
103
|
Credentials In Files
|
|
104
|
Credentials from Password Stores
|
|
105
|
Credentials from Web Browsers
|
|
106
|
Credentials in Registry
|
|
108
|
DCSync
|
|
156
|
Domain Controller Authentication
|
|
206
|
Exploitation for Credential Access
|
|
224
|
Forced Authentication
|
|
225
|
Forge Web Credentials
|
|
226
|
GUI Input Capture
|
|
232
|
Golden Ticket
|
|
235
|
Group Policy Preferences
|
|
258
|
Input Capture
|
|
270
|
Kerberoasting
|
|
272
|
Keychain
|
|
273
|
Keylogging
|
|
276
|
LLMNR/NBT-NS Poisoning and SMB Relay
|
|
277
|
LSA Secrets
|
|
279
|
LSASS Memory
|
|
304
|
Man-in-the-Middle
|
|
309
|
Modify Authentication Process
|
|
318
|
NTDS
|
|
325
|
Network Device Authentication
|
|
333
|
Network Sniffing
|
|
339
|
OS Credential Dumping
|
|
354
|
Password Cracking
|
|
355
|
Password Filter DLL
|
|
356
|
Password Guessing
|
|
357
|
Password Managers
|
|
359
|
Password Spraying
|
|
370
|
Pluggable Authentication Modules
|
|
378
|
Private Keys
|
|
379
|
Proc Filesystem
|
|
420
|
SAML Tokens
|
|
442
|
Security Account Manager
|
|
445
|
Securityd Memory
|
|
461
|
Silver Ticket
|
|
480
|
Steal Application Access Token
|
|
481
|
Steal Web Session Cookie
|
|
482
|
Steal or Forge Kerberos Tickets
|
|
522
|
Two-Factor Authentication Interception
|
|
525
|
Unsecured Credentials
|
|
546
|
Web Cookies
|
|
547
|
Web Portal Capture
|
|
555
|
Windows Credential Manager
|