Detections
Analytics
Unsecured Credentials: Credentials in Registry
Description
Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Vulnerability Management | Advanced Network Scan | Windows machines | Authenticated Scan | SMB | Windows registry | Plugin ID: 10412 |
References
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Credential Access
Technique: Unsecured Credentials
Sub-Technique: Credentials in Registry
Platform: Windows
Products Required: Tenable Vulnerability Management
Tenable Release Date: 2023 Q4