CAPEC-567: Obtain Data via Utilities (Version 2.11)

Attack Pattern ID: 567
Abstraction: Standard
Status: Draft
Completeness: Stub
+ Summary

In this type of attack, information useful to adversaries in launching follow-on attacks is obtained through the use of helper tools or utilities. The utilities often gather information through well-known and documented system functionality, but can also exploit flaws in the system to retrieve information that is not meant to be obtainable. The information is gathered up and delivered to the adversary so that analysis can be performed.

Examples of such utilities include: pwdump7, Windows Credential Editor, Mimikatz, and gsecdump. Many of these utilities are in use by both professional security testers and adversaries.

+ References
[R.566.1] ATT&CK Project. "Credential Dumping (1003)". MITRE. <https://attack.mitre.org/wiki/Credential_dumping>.
+ Content History
CAPEC Content Team | The MITRE Corporation | 2015-11-09 | Internal_CAPEC_Team

Page Last Updated or Reviewed: August 04, 2017