## General

Credential harvesting is a technique for obtaining credentials such as login information, account names, and passwords by extracting them from locations such as clear-text files, the registry, and memory dumps. It also covers gaining access to user and system credentials through techniques such as network sniffing, where an attacker captures transmitted credentials.

As a red teamer, gaining access to legitimate credentials has several benefits:

- It can give access to systems (Lateral Movement).
- It makes it harder to detect our actions.
- It provides the opportunity to create and manage accounts to help achieve the end goals of a red team engagement.

Credentials can be found in a variety of forms, such as:

- Account details (usernames and passwords)
- Hashes, such as NTLM hashes
- Authentication tickets: Ticket Granting Ticket (TGT), Ticket Granting Server (TGS)
- Any information that helps log in to a system (private keys, etc.)