| ID | Name |
|---|---|
| ATAGS-T1113.001 | Cloud Secrets Management Stores |
| ATAGS-T1113.002 | Credentials from Web Browsers |
| ATAGS-T1113.003 | Keychain |
| ATAGS-T1113.004 | Password Managers |
| ATAGS-T1113.005 | Securityd Memory |
| ATAGS-T1113.006 | Windows Credential Manager |
Threat Actors may acquire credentials from web browsers by reading files specific to the target browser. Web browsers commonly save credentials such as website usernames and passwords so that they do not need to be entered manually in the future. Web browsers typically store the credentials in an encrypted format within a credential store; however, methods exist to extract plaintext credentials from web browsers.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.