DETECTION OVERVIEW
Risk Factors
An attacker with administrative privileges can use built-in Windows tools to dump credentials from registry hives. The credentials recovered this way can then be leveraged in later stages of an attack.
Kill Chain
Risk Score
84
Every Windows computer has a Windows registry, which is a collection of databases that contain configuration and application settings. Registry hives are sections of the Windows registry that can contain sensitive data, such as encryption keys, account credentials, and other secrets. An attacker can steal sensitive data from the System, Security, or Security Account Manager (SAM) registry hives through various techniques. Credential dumping is a technique for extracting stored credentials from a system. One form of credential dumping is exporting entire registry hives with built-in Windows tools, such as reg.exe. The attacker can then transfer the exported hive to an attacker-controlled device and run offline cracking tools against it to retrieve passwords.
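The overview describes the behaviour this detection looks for: reg.exe exporting one of the SAM, SYSTEM or SECURITY hives in full. The following is an added detection example, not code from the original page or from the vendor; it runs over a handful of constructed process-creation records whose field names (host, user, image, cmdline) are an assumption modelled on Sysmon Event ID 1 and Windows Security Event ID 4688, and flags only whole-hive "save"/"export" operations against those three hives, so that routine reg.exe queries and exports of application subkeys do not fire.

```python
import re
from typing import Dict, List, Optional

# Constructed sample process-creation events (not real telemetry). The field
# names are an assumption modelled on Sysmon Event ID 1 / Security Event 4688;
# map them to your own log schema.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"host": "WS01", "user": "CORP\\jdoe.adm",
     "image": "C:\\Windows\\System32\\reg.exe",
     "cmdline": "reg.exe save HKLM\\SAM C:\\Users\\Public\\sam.hiv"},
    {"host": "WS01", "user": "CORP\\jdoe.adm",
     "image": "C:\\Windows\\System32\\reg.exe",
     "cmdline": "reg  save \"HKEY_LOCAL_MACHINE\\SYSTEM\" \"C:\\Temp\\sys.bak\" /y"},
    {"host": "SRV02", "user": "NT AUTHORITY\\SYSTEM",
     "image": "C:\\Windows\\System32\\reg.exe",
     "cmdline": "reg.exe export hklm\\security\\ C:\\Temp\\sec.reg"},
    # Benign activity that should not be flagged:
    {"host": "WS03", "user": "CORP\\helpdesk",
     "image": "C:\\Windows\\System32\\reg.exe",
     "cmdline": "reg.exe query HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"},
    {"host": "WS03", "user": "CORP\\helpdesk",
     "image": "C:\\Windows\\System32\\reg.exe",
     "cmdline": "reg.exe save HKLM\\SOFTWARE\\Contoso\\App C:\\Temp\\app.hiv"},
    {"host": "WS04", "user": "CORP\\build",
     "image": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": "cmd.exe /c echo HKLM\\SAM"},
]

# Whole-hive paths for the three hives named in the overview; a trailing
# backslash is tolerated, deeper subkeys are not matched.
SENSITIVE_HIVE = re.compile(
    r"^(?:HKLM|HKEY_LOCAL_MACHINE)\\(SAM|SYSTEM|SECURITY)\\?$", re.IGNORECASE)
# reg.exe verbs that write a hive (or key tree) to a file.
EXPORT_VERBS = {"save", "export"}
# A double-quoted argument, or a run of non-whitespace characters.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def tokenize(cmdline: str) -> List[str]:
    """Split a Windows command line into arguments, honouring double quotes."""
    return [quoted or bare for quoted, bare in TOKEN.findall(cmdline)]


def classify_hive_dump(cmdline: str) -> Optional[Dict[str, str]]:
    """Return {'hive', 'destination'} when cmdline is a whole-hive export
    performed with reg.exe, otherwise None."""
    tokens = tokenize(cmdline)
    if len(tokens) < 3:
        return None
    # Compare on the basename so both "reg" and a full path to reg.exe match.
    image = tokens[0].rsplit("\\", 1)[-1].lower()
    if image not in ("reg", "reg.exe"):
        return None
    if tokens[1].lower() not in EXPORT_VERBS:
        return None
    match = SENSITIVE_HIVE.match(tokens[2])
    if not match:
        return None
    destination = tokens[3] if len(tokens) > 3 else ""
    return {"hive": match.group(1).upper(), "destination": destination}


def scan_events(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run the check over a batch of process-creation events and collect findings."""
    findings = []
    for event in events:
        hit = classify_hive_dump(event.get("cmdline", ""))
        if hit:
            findings.append({"host": event["host"], "user": event["user"], **hit})
    return findings


if __name__ == "__main__":
    for finding in scan_events(SAMPLE_EVENTS):
        print(f"[registry hive dump] host={finding['host']} user={finding['user']} "
              f"hive={finding['hive']} destination={finding['destination']}")
```

Matching on the command line alone is deliberate: it is the field that carries the hive name and the output path, which are what an analyst needs to triage the finding and locate the exported file. Because the overview notes that hives can be stolen "through various techniques", treat this as one signal among several: correlate with the process image path and, where available, the binary's original file name, and baseline any scheduled backup jobs that legitimately run reg.exe save so they can be excluded rather than ignored.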