| ID | Name |
|---|---|
| ATAGS-T1126.001 | Chat Messages |
| ATAGS-T1126.002 | Cloud Instance Metadata API |
| ATAGS-T1126.003 | Container API |
| ATAGS-T1126.004 | Credentials In Files |
| ATAGS-T1126.005 | Credentials in Registry |
| ATAGS-T1126.006 | Group Policy Preferences |
| ATAGS-T1126.007 | Private Keys |
| ATAGS-T1126.008 | Shell History |
Threat Actors may search local file systems and remote file shares for files containing insecurely stored credentials. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.