In-memory secrets
MITRE ATT&CK™ OS Credential Dumping: Proc Filesystem - Technique T1003.007
Just as the LSASS process on Windows systems allows for LSASS dumping, some programs handle credentials in the memory allocated to their processes, which sometimes allows attackers to dump them.
On UNIX-like systems, tools like mimipenguin (C, Shell, Python), mimipy (Python) and LaZagne (Python) can be used to extract passwords from memory.
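From the defending side, a Linux program that handles credentials can limit what such tools recover from its memory. The following is an added example, not code from the original page or from any of the tools named above; the function names (`harden_process`, `wipe`, `use_secret_briefly`) and the sample password are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/prctl.h>

/* Mark the process non-dumpable: no core dumps, /proc/<pid>/mem and the other
 * per-process files become root-owned, and ptrace attach is refused to callers
 * without CAP_SYS_PTRACE. Root can still read the memory. 0 on success. */
int harden_process(void)
{
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0 ? 0 : -1;
}

/* Zero a buffer through a volatile pointer so the compiler cannot drop the
 * stores as dead writes. */
void wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* Hypothetical credential consumer: the secret lives in one fixed buffer only
 * while it is needed. Returns the number of non-zero bytes left in the buffer
 * after use (0 means fully wiped). */
size_t use_secret_briefly(const char *secret)
{
    static unsigned char buf[256];
    size_t n = strlen(secret), left = 0;
    if (n >= sizeof buf) n = sizeof buf - 1;
    /* Best effort: keep the page out of swap; may fail under RLIMIT_MEMLOCK. */
    int locked = (mlock(buf, sizeof buf) == 0);
    memcpy(buf, secret, n);
    /* ... authenticate with buf here ... */
    wipe(buf, sizeof buf);
    for (size_t i = 0; i < sizeof buf; i++)
        left += (buf[i] != 0);
    if (locked) munlock(buf, sizeof buf);
    return left;
}

int main(void)
{
    printf("non-dumpable: %s\n", harden_process() == 0 ? "yes" : "no");
    printf("bytes left after wipe: %zu\n", use_secret_briefly("constructed-sample-password"));
    return 0;
}
```

Wiping only helps if no other copy of the secret exists, so the caller must also clear its own copy (argument strings, input buffers, heap allocations made by libraries).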