| Property | Value |
|---|---|
| gptkbp:instanceOf | gptkb:cyberattack_technique |
| gptkbp:can_be_performed_using | gptkb:Metasploit; gptkb:Mimikatz; Windows Credential Editor |
| gptkbp:can_compromise | Active Directory environments |
| gptkbp:canBeBypassedBy | password authentication |
| gptkbp:cause | data breaches; privilege escalation |
| gptkbp:commonly_targets | gptkb:Windows_operating_systems |
| gptkbp:detects | SIEM systems; endpoint detection and response (EDR) tools; monitoring unusual authentication patterns |
| gptkbp:enables | lateral movement |
| gptkbp:exploits | gptkb:NTLM_authentication; LAN Manager (LM) hashes; hash-based authentication |
| gptkbp:firstDescribed | 1997 |
| gptkbp:mitigatedBy | multi-factor authentication; limiting administrative privileges; using strong password policies |
| gptkbp:prevention_includes | network segmentation; credential guard; disabling NTLM; using local administrator password solution (LAPS) |
| gptkbp:relatedTo | credential dumping; Kerberos attacks |
| gptkbp:target | authentication protocols |
| gptkbp:uses | stolen password hashes |
| gptkbp:bfsParent | gptkb:Windows_Defender_Credential_Guard_for_Credential_Protection; gptkb:Windows_Defender_Credential_Guard_for_Secure_Authentication; gptkb:Windows_Defender_Credential_Guard_for_Virtualization-Based_Security |
| gptkbp:bfsLayer | 8 |
| https://www.w3.org/2000/01/rdf-schema#label | Pass-the-Hash attacks |