search
Infiltr8ForumGitHub
githubEdit

In-memory secrets

MITRE ATT&CK™ OS Credential Dumping: Proc Filesystem - Technique T1003.007

hashtag
Theory

Just like the LSASS process on Windows systems allowing for LSASS dumping, some programs sometimes handle credentials in the memory allocated to their processes, sometimes allowing attackers to dump them.

hashtag
Practice

On UNIX-like systems, tools like mimipenguinarrow-up-right (C, Shell, Python), mimipyarrow-up-right (Python) and LaZagnearrow-up-right (Python) can be used to extract passwords from memory.

mimipenguin
laZagne memory

hashtag
Resources

LogoOS Credential Dumping: Proc Filesystem, Sub-technique T1003.007 - Enterprise | MITRE ATT&CK®attack.mitre.orgchevron-right

Last updated