Threat actors may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a cleartext password. Credentials can be obtained from OS caches, memory, or structures. The dumped credentials can then be used to perform Lateral Movement and access restricted information.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.