Unsecured Credentials

Sub-techniques (4)

ID	Name
T1552.005	Cloud Instance Metadata API
T1552.001	Credentials In Files

Adversaries may search compromised systems to find and obtain insecurely stored credentials. These credentials can be stored and/or misplaced in many locations on a system, including plaintext files (e.g. Bash History [MITRE] ), operating system or application-specific repositories (e.g. Credentials in Registry [MITRE] ), or other specialized files/artifacts (e.g. Private Keys [MITRE] ).

References

mitre-attack
Brining MimiKatz to Unix

Technique Information

ID: T1552

Aliases: T1552

Sub-techniques:

T1552.001
T1552.005

Tactics:

Credential Access

Platforms:

Windows
Azure AD
Office 365
SaaS
IaaS
Linux
macOS
Google Workspace
Containers
Network
Amazon Web Services (AWS)

Created: 04 Feb 2020

Last Modified: 03 Jun 2025