Statements (33)
Predicate | Object |
---|---|
gptkbp:instanceOf | cyberattack technique |
gptkbp:can_be_performed_using | gptkb:Metasploit; gptkb:Mimikatz; Windows Credential Editor |
gptkbp:can_compromise | Active Directory environments |
gptkbp:canBeBypassedBy | password authentication |
gptkbp:cause | data breaches; privilege escalation |
gptkbp:commonly_targets | gptkb:Windows_operating_systems |
gptkbp:detects | SIEM systems; endpoint detection and response (EDR) tools; monitoring unusual authentication patterns |
gptkbp:enables | lateral movement |
gptkbp:exploits | gptkb:NTLM_authentication; LAN Manager (LM) hashes; hash-based authentication |
gptkbp:firstDescribed | 1997 |
https://www.w3.org/2000/01/rdf-schema#label | Pass-the-Hash attacks |
gptkbp:mitigatedBy | multi-factor authentication; limiting administrative privileges; using strong password policies |
gptkbp:prevention_includes | network segmentation; credential guard; disabling NTLM; using local administrator password solution (LAPS) |
gptkbp:relatedTo | credential dumping; Kerberos attacks |
gptkbp:target | authentication protocols |
gptkbp:uses | stolen password hashes |
gptkbp:bfsParent | gptkb:Windows_Defender_Credential_Guard_for_Credential_Protection; gptkb:Windows_Defender_Credential_Guard_for_Secure_Authentication; gptkb:Windows_Defender_Credential_Guard_for_Virtualization-Based_Security |
gptkbp:bfsLayer | 8 |