Protecting Your Enterprise from Credential-Based Attacks

Adversaries leverage open-source credential dumping tools, such as Mimikatz and LaZagne, to obtain credentials from various sources (databases, memory, web browsers, etc.). These tools help attackers discover credentials in the form of a hash or a clear-text password. Once they acquire legitimate credentials, they can easily move laterally and access restricted information.

This whitepaper explains how attackers dump credentials using advanced tools and techniques, and describes solutions for building a strong defense against credential theft. It also captures credential access techniques mapped to MITRE ATT&CK using Red Canary’s Atomic Red Team tool, an open-source testing framework.


