Modify Authentication Process: Password Filter DLL

Other sub-techniques of Modify Authentication Process (9)

ID	Name
ATAGS-T1055.001	Domain Controller Authentication
ATAGS-T1055.002	Multi-Factor Authentication
ATAGS-T1055.003	Network Device Authentication
ATAGS-T1055.004	Network Provider DLL
ATAGS-T1055.005	Password Filter DLL
ATAGS-T1055.006	Pluggable Authentication Modules
ATAGS-T1055.007	Reversible Encryption
ATAGS-T1055.008	Conditional Access Policies
ATAGS-T1055.009	Hybrid Identity

Threat Actors may register malicious password filter dynamic link libraries (DLLs) into the authentication process to acquire user credentials as they are validated.

ID: ATAGS-T1055.005

Sub-technique of: ATAGS-T1055

ⓘ

Tactic: Execution

ⓘ

Targeted Components: Cloud Control Plane

ⓘ

Responsibility: Provider

Created: 18 April 2026

Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.