| ID | Name |
|---|---|
| ATAGS-T1112.001 | TC Brute Forcing |
| ATAGS-T1112.002 | Credential Stuffing |
| ATAGS-T1112.003 | Password Cracking |
| ATAGS-T1112.004 | Password Guessing |
| ATAGS-T1112.005 | Password Spraying |
Threat Actors may use password cracking to attempt to recover usable credentials, such as plaintext passwords, when credential material such as password hashes are obtained. OS Credential Dumping can be used to obtain password hashes, this may only get Threat Actors so far when Pass the Hash is not an option. Further, Threat Actors may leverage Data from Configuration Repository in order to obtain hashed credentials for network devices.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.