OS Credential Dumping - T1003
(ATT&CK® Technique)
Definition
Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password. Credentials can be obtained from OS caches, memory, or structures. Credentials can then be used to perform Lateral Movement and access restricted information.
D3FEND Inferred Relationships
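Browse the D3FEND knowledge graph by clicking on the nodes below. In the graph, solid edges show which digital artifacts T1003 accesses, may access, may modify, or produces, and which of those artifacts each defensive technique acts on. The dotted "May Detect / Deceive / Evict / Harden / Isolate / Restore" edges are inferred from those shared artifacts, so they mark candidate countermeasures to evaluate rather than confirmed coverage of the technique.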
graph LR; T1003["OS Credential Dumping"] --> |accesses| EncryptedCredential["Encrypted Credential"]; class T1003 OffensiveTechniqueNode; class EncryptedCredential ArtifactNode; click EncryptedCredential href "/dao/artifact/d3f:EncryptedCredential"; click T1003 href "/offensive-technique/attack/T1003/"; click EncryptedCredential href "/dao/artifact/d3f:EncryptedCredential"; T1003["OS Credential Dumping"] --> |accesses| Process["Process"]; class T1003 OffensiveTechniqueNode; class Process ArtifactNode; click Process href "/dao/artifact/d3f:Process"; click T1003 href "/offensive-technique/attack/T1003/"; click Process href "/dao/artifact/d3f:Process"; T1003["OS Credential Dumping"] --> |accesses| ProcessImage["Process Image"]; class T1003 OffensiveTechniqueNode; class ProcessImage ArtifactNode; click ProcessImage href "/dao/artifact/d3f:ProcessImage"; click T1003 href "/offensive-technique/attack/T1003/"; click ProcessImage href "/dao/artifact/d3f:ProcessImage"; T1003["OS Credential Dumping"] --> |may-access| Process["Process"]; class T1003 OffensiveTechniqueNode; class Process ArtifactNode; click Process href "/dao/artifact/d3f:Process"; click T1003 href "/offensive-technique/attack/T1003/"; click Process href "/dao/artifact/d3f:Process"; T1003["OS Credential Dumping"] --> |may-modify| Log["Log"]; class T1003 OffensiveTechniqueNode; class Log ArtifactNode; click Log href "/dao/artifact/d3f:Log"; click T1003 href "/offensive-technique/attack/T1003/"; click Log href "/dao/artifact/d3f:Log"; T1003["OS Credential Dumping"] --> |may-modify| EventLog["Event Log"]; class T1003 OffensiveTechniqueNode; class EventLog ArtifactNode; click EventLog href "/dao/artifact/d3f:EventLog"; click T1003 href "/offensive-technique/attack/T1003/"; click EventLog href "/dao/artifact/d3f:EventLog"; T1003["OS Credential Dumping"] --> |accesses| OperatingSystemFile["Operating System File"]; class T1003 OffensiveTechniqueNode; class OperatingSystemFile ArtifactNode; click OperatingSystemFile 
href "/dao/artifact/d3f:OperatingSystemFile"; click T1003 href "/offensive-technique/attack/T1003/"; click OperatingSystemFile href "/dao/artifact/d3f:OperatingSystemFile"; T1003["OS Credential Dumping"] --> |accesses| PasswordFile["Password File"]; class T1003 OffensiveTechniqueNode; class PasswordFile ArtifactNode; click PasswordFile href "/dao/artifact/d3f:PasswordFile"; click T1003 href "/offensive-technique/attack/T1003/"; click PasswordFile href "/dao/artifact/d3f:PasswordFile"; T1003["OS Credential Dumping"] --> |produces| IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; class T1003 OffensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click IntranetAdministrativeNetworkTraffic href "/dao/artifact/d3f:IntranetAdministrativeNetworkTraffic"; click T1003 href "/offensive-technique/attack/T1003/"; click IntranetAdministrativeNetworkTraffic href "/dao/artifact/d3f:IntranetAdministrativeNetworkTraffic"; T1003["OS Credential Dumping"] --> |may-access| SystemPasswordDatabase["System Password Database"]; class T1003 OffensiveTechniqueNode; class SystemPasswordDatabase ArtifactNode; click SystemPasswordDatabase href "/dao/artifact/d3f:SystemPasswordDatabase"; click T1003 href "/offensive-technique/attack/T1003/"; click SystemPasswordDatabase href "/dao/artifact/d3f:SystemPasswordDatabase"; T1003["OS Credential Dumping"] --> |accesses| AuthenticationService["Authentication Service"]; class T1003 OffensiveTechniqueNode; class AuthenticationService ArtifactNode; click AuthenticationService href "/dao/artifact/d3f:AuthenticationService"; click T1003 href "/offensive-technique/attack/T1003/"; click AuthenticationService href "/dao/artifact/d3f:AuthenticationService"; T1003["OS Credential Dumping"] --> |may-access| AuthenticationService["Authentication Service"]; class T1003 OffensiveTechniqueNode; class AuthenticationService ArtifactNode; click AuthenticationService href "/dao/artifact/d3f:AuthenticationService"; 
click T1003 href "/offensive-technique/attack/T1003/"; click AuthenticationService href "/dao/artifact/d3f:AuthenticationService"; NetworkTrafficCommunityDeviation["Network Traffic Community Deviation"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; NetworkTrafficCommunityDeviation["Network Traffic Community Deviation"] -.-> | May Detect | T1003["OS Credential Dumping"] ; class NetworkTrafficCommunityDeviation DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click NetworkTrafficCommunityDeviation href "/technique/d3f:NetworkTrafficCommunityDeviation"; NetworkTrafficSignatureAnalysis["Network Traffic Signature Analysis"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; NetworkTrafficSignatureAnalysis["Network Traffic Signature Analysis"] -.-> | May Detect | T1003["OS Credential Dumping"] ; class NetworkTrafficSignatureAnalysis DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click NetworkTrafficSignatureAnalysis href "/technique/d3f:NetworkTrafficSignatureAnalysis"; Client-serverPayloadProfiling["Client-server Payload Profiling"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; Client-serverPayloadProfiling["Client-server Payload Profiling"] -.-> | May Detect | T1003["OS Credential Dumping"] ; class Client-serverPayloadProfiling DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click Client-serverPayloadProfiling href "/technique/d3f:Client-serverPayloadProfiling"; RemoteTerminalSessionDetection["Remote Terminal Session Detection"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; RemoteTerminalSessionDetection["Remote Terminal Session Detection"] -.-> | May Detect | T1003["OS Credential Dumping"] ; class RemoteTerminalSessionDetection DefensiveTechniqueNode; class 
IntranetAdministrativeNetworkTraffic ArtifactNode; click RemoteTerminalSessionDetection href "/technique/d3f:RemoteTerminalSessionDetection"; ConnectionAttemptAnalysis["Connection Attempt Analysis"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; ConnectionAttemptAnalysis["Connection Attempt Analysis"] -.-> | May Detect | T1003["OS Credential Dumping"] ; class ConnectionAttemptAnalysis DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click ConnectionAttemptAnalysis href "/technique/d3f:ConnectionAttemptAnalysis"; PerHostDownload-UploadRatioAnalysis["Per Host Download-Upload Ratio Analysis"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; PerHostDownload-UploadRatioAnalysis["Per Host Download-Upload Ratio Analysis"] -.-> | May Detect | T1003["OS Credential Dumping"] ; class PerHostDownload-UploadRatioAnalysis DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click PerHostDownload-UploadRatioAnalysis href "/technique/d3f:PerHostDownload-UploadRatioAnalysis"; AdministrativeNetworkActivityAnalysis["Administrative Network Activity Analysis"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; AdministrativeNetworkActivityAnalysis["Administrative Network Activity Analysis"] -.-> | May Detect | T1003["OS Credential Dumping"] ; class AdministrativeNetworkActivityAnalysis DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click AdministrativeNetworkActivityAnalysis href "/technique/d3f:AdministrativeNetworkActivityAnalysis"; ProtocolMetadataAnomalyDetection["Protocol Metadata Anomaly Detection"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; ProtocolMetadataAnomalyDetection["Protocol Metadata Anomaly Detection"] -.-> | May Detect | T1003["OS Credential Dumping"] ; class 
ProtocolMetadataAnomalyDetection DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click ProtocolMetadataAnomalyDetection href "/technique/d3f:ProtocolMetadataAnomalyDetection"; DecoyFile["Decoy File"] --> | spoofs | OperatingSystemFile["Operating System File"]; DecoyFile["Decoy File"] -.-> | May Deceive | T1003["OS Credential Dumping"] ; class DecoyFile DefensiveTechniqueNode; class OperatingSystemFile ArtifactNode; click DecoyFile href "/technique/d3f:DecoyFile"; DecoyFile["Decoy File"] --> | spoofs | PasswordFile["Password File"]; class DecoyFile DefensiveTechniqueNode; class PasswordFile ArtifactNode; click DecoyFile href "/technique/d3f:DecoyFile"; DecoyUserCredential["Decoy User Credential"] --> | spoofs | EncryptedCredential["Encrypted Credential"]; DecoyUserCredential["Decoy User Credential"] -.-> | May Deceive | T1003["OS Credential Dumping"] ; class DecoyUserCredential DefensiveTechniqueNode; class EncryptedCredential ArtifactNode; click DecoyUserCredential href "/technique/d3f:DecoyUserCredential"; CredentialCompromiseScopeAnalysis["Credential Compromise Scope Analysis"] --> | analyzes | EncryptedCredential["Encrypted Credential"]; CredentialCompromiseScopeAnalysis["Credential Compromise Scope Analysis"] -.-> | May Detect | T1003["OS Credential Dumping"] ; class CredentialCompromiseScopeAnalysis DefensiveTechniqueNode; class EncryptedCredential ArtifactNode; click CredentialCompromiseScopeAnalysis href "/technique/d3f:CredentialCompromiseScopeAnalysis"; UserGeolocationLogonPatternAnalysis["User Geolocation Logon Pattern Analysis"] --> | analyzes | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; UserGeolocationLogonPatternAnalysis["User Geolocation Logon Pattern Analysis"] -.-> | May Detect | T1003["OS Credential Dumping"] ; class UserGeolocationLogonPatternAnalysis DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click UserGeolocationLogonPatternAnalysis href 
"/technique/d3f:UserGeolocationLogonPatternAnalysis"; ProcessSpawnAnalysis["Process Spawn Analysis"] --> | analyzes | AuthenticationService["Authentication Service"]; ProcessSpawnAnalysis["Process Spawn Analysis"] -.-> | May Detect | T1003["OS Credential Dumping"] ; class ProcessSpawnAnalysis DefensiveTechniqueNode; class AuthenticationService ArtifactNode; click ProcessSpawnAnalysis href "/technique/d3f:ProcessSpawnAnalysis"; ProcessSelf-ModificationDetection["Process Self-Modification Detection"] --> | analyzes | Process["Process"]; ProcessSelf-ModificationDetection["Process Self-Modification Detection"] -.-> | May Detect | T1003["OS Credential Dumping"] ; class ProcessSelf-ModificationDetection DefensiveTechniqueNode; class Process ArtifactNode; click ProcessSelf-ModificationDetection href "/technique/d3f:ProcessSelf-ModificationDetection"; ProcessSpawnAnalysis["Process Spawn Analysis"] --> | analyzes | Process["Process"]; class ProcessSpawnAnalysis DefensiveTechniqueNode; class Process ArtifactNode; click ProcessSpawnAnalysis href "/technique/d3f:ProcessSpawnAnalysis"; ProcessSelf-ModificationDetection["Process Self-Modification Detection"] --> | analyzes | AuthenticationService["Authentication Service"]; class ProcessSelf-ModificationDetection DefensiveTechniqueNode; class AuthenticationService ArtifactNode; click ProcessSelf-ModificationDetection href "/technique/d3f:ProcessSelf-ModificationDetection"; FileIntegrityMonitoring["File Integrity Monitoring"] --> | analyzes | OperatingSystemFile["Operating System File"]; FileIntegrityMonitoring["File Integrity Monitoring"] -.-> | May Detect | T1003["OS Credential Dumping"] ; class FileIntegrityMonitoring DefensiveTechniqueNode; class OperatingSystemFile ArtifactNode; click FileIntegrityMonitoring href "/technique/d3f:FileIntegrityMonitoring"; FileIntegrityMonitoring["File Integrity Monitoring"] --> | analyzes | PasswordFile["Password File"]; class FileIntegrityMonitoring DefensiveTechniqueNode; class PasswordFile 
ArtifactNode; click FileIntegrityMonitoring href "/technique/d3f:FileIntegrityMonitoring"; AuthenticationCacheInvalidation["Authentication Cache Invalidation"] --> | deletes | EncryptedCredential["Encrypted Credential"]; AuthenticationCacheInvalidation["Authentication Cache Invalidation"] -.-> | May Evict | T1003["OS Credential Dumping"] ; class AuthenticationCacheInvalidation DefensiveTechniqueNode; class EncryptedCredential ArtifactNode; click AuthenticationCacheInvalidation href "/technique/d3f:AuthenticationCacheInvalidation"; CredentialRevoking["Credential Revoking"] --> | deletes | EncryptedCredential["Encrypted Credential"]; CredentialRevoking["Credential Revoking"] -.-> | May Evict | T1003["OS Credential Dumping"] ; class CredentialRevoking DefensiveTechniqueNode; class EncryptedCredential ArtifactNode; click CredentialRevoking href "/technique/d3f:CredentialRevoking"; ProcessTermination["Process Termination"] --> | terminates | AuthenticationService["Authentication Service"]; ProcessTermination["Process Termination"] -.-> | May Evict | T1003["OS Credential Dumping"] ; class ProcessTermination DefensiveTechniqueNode; class AuthenticationService ArtifactNode; click ProcessTermination href "/technique/d3f:ProcessTermination"; ProcessTermination["Process Termination"] --> | terminates | Process["Process"]; class ProcessTermination DefensiveTechniqueNode; class Process ArtifactNode; click ProcessTermination href "/technique/d3f:ProcessTermination"; HostShutdown["Host Shutdown"] --> | terminates | Process["Process"]; HostShutdown["Host Shutdown"] -.-> | May Evict | T1003["OS Credential Dumping"] ; class HostShutdown DefensiveTechniqueNode; class Process ArtifactNode; click HostShutdown href "/technique/d3f:HostShutdown"; HostShutdown["Host Shutdown"] --> | terminates | AuthenticationService["Authentication Service"]; class HostShutdown DefensiveTechniqueNode; class AuthenticationService ArtifactNode; click HostShutdown href "/technique/d3f:HostShutdown"; 
ProcessSuspension["Process Suspension"] --> | suspends | AuthenticationService["Authentication Service"]; ProcessSuspension["Process Suspension"] -.-> | May Evict | T1003["OS Credential Dumping"] ; class ProcessSuspension DefensiveTechniqueNode; class AuthenticationService ArtifactNode; click ProcessSuspension href "/technique/d3f:ProcessSuspension"; ProcessSuspension["Process Suspension"] --> | suspends | Process["Process"]; class ProcessSuspension DefensiveTechniqueNode; class Process ArtifactNode; click ProcessSuspension href "/technique/d3f:ProcessSuspension"; FileRemoval["File Removal"] --> | deletes | OperatingSystemFile["Operating System File"]; FileRemoval["File Removal"] -.-> | May Evict | T1003["OS Credential Dumping"] ; class FileRemoval DefensiveTechniqueNode; class OperatingSystemFile ArtifactNode; click FileRemoval href "/technique/d3f:FileRemoval"; FileRemoval["File Removal"] --> | deletes | PasswordFile["Password File"]; class FileRemoval DefensiveTechniqueNode; class PasswordFile ArtifactNode; click FileRemoval href "/technique/d3f:FileRemoval"; CredentialTransmissionScoping["Credential Transmission Scoping"] --> | restricts | EncryptedCredential["Encrypted Credential"]; CredentialTransmissionScoping["Credential Transmission Scoping"] -.-> | May Harden | T1003["OS Credential Dumping"] ; class CredentialTransmissionScoping DefensiveTechniqueNode; class EncryptedCredential ArtifactNode; click CredentialTransmissionScoping href "/technique/d3f:CredentialTransmissionScoping"; CredentialRotation["Credential Rotation"] --> | regenerates | EncryptedCredential["Encrypted Credential"]; CredentialRotation["Credential Rotation"] -.-> | May Harden | T1003["OS Credential Dumping"] ; class CredentialRotation DefensiveTechniqueNode; class EncryptedCredential ArtifactNode; click CredentialRotation href "/technique/d3f:CredentialRotation"; LocalFilePermissions["Local File Permissions"] --> | restricts | OperatingSystemFile["Operating System File"]; 
LocalFilePermissions["Local File Permissions"] -.-> | May Harden | T1003["OS Credential Dumping"] ; class LocalFilePermissions DefensiveTechniqueNode; class OperatingSystemFile ArtifactNode; click LocalFilePermissions href "/technique/d3f:LocalFilePermissions"; LocalFilePermissions["Local File Permissions"] --> | restricts | PasswordFile["Password File"]; class LocalFilePermissions DefensiveTechniqueNode; class PasswordFile ArtifactNode; click LocalFilePermissions href "/technique/d3f:LocalFilePermissions"; FileEncryption["File Encryption"] --> | encrypts | PasswordFile["Password File"]; FileEncryption["File Encryption"] -.-> | May Harden | T1003["OS Credential Dumping"] ; class FileEncryption DefensiveTechniqueNode; class PasswordFile ArtifactNode; click FileEncryption href "/technique/d3f:FileEncryption"; FileEncryption["File Encryption"] --> | encrypts | OperatingSystemFile["Operating System File"]; class FileEncryption DefensiveTechniqueNode; class OperatingSystemFile ArtifactNode; click FileEncryption href "/technique/d3f:FileEncryption"; Hardware-basedProcessIsolation["Hardware-based Process Isolation"] --> | isolates | Process["Process"]; Hardware-basedProcessIsolation["Hardware-based Process Isolation"] -.-> | May Isolate | T1003["OS Credential Dumping"] ; class Hardware-basedProcessIsolation DefensiveTechniqueNode; class Process ArtifactNode; click Hardware-basedProcessIsolation href "/technique/d3f:Hardware-basedProcessIsolation"; Hardware-basedProcessIsolation["Hardware-based Process Isolation"] --> | isolates | AuthenticationService["Authentication Service"]; class Hardware-basedProcessIsolation DefensiveTechniqueNode; class AuthenticationService ArtifactNode; click Hardware-basedProcessIsolation href "/technique/d3f:Hardware-basedProcessIsolation"; NetworkTrafficFiltering["Network Traffic Filtering"] --> | filters | IntranetAdministrativeNetworkTraffic["Intranet Administrative Network Traffic"]; NetworkTrafficFiltering["Network Traffic Filtering"] -.-> 
| May Isolate | T1003["OS Credential Dumping"] ; class NetworkTrafficFiltering DefensiveTechniqueNode; class IntranetAdministrativeNetworkTraffic ArtifactNode; click NetworkTrafficFiltering href "/technique/d3f:NetworkTrafficFiltering"; RestoreDatabase["Restore Database"] --> | restores | PasswordFile["Password File"]; RestoreDatabase["Restore Database"] -.-> | May Restore | T1003["OS Credential Dumping"] ; class RestoreDatabase DefensiveTechniqueNode; class PasswordFile ArtifactNode; click RestoreDatabase href "/technique/d3f:RestoreDatabase"; RestoreDatabase["Restore Database"] --> | restores | SystemPasswordDatabase["System Password Database"]; class RestoreDatabase DefensiveTechniqueNode; class SystemPasswordDatabase ArtifactNode; click RestoreDatabase href "/technique/d3f:RestoreDatabase"; ReissueCredential["Reissue Credential"] --> | restores | EncryptedCredential["Encrypted Credential"]; ReissueCredential["Reissue Credential"] -.-> | May Restore | T1003["OS Credential Dumping"] ; class ReissueCredential DefensiveTechniqueNode; class EncryptedCredential ArtifactNode; click ReissueCredential href "/technique/d3f:ReissueCredential"; RestoreFile["Restore File"] --> | restores | PasswordFile["Password File"]; RestoreFile["Restore File"] -.-> | May Restore | T1003["OS Credential Dumping"] ; class RestoreFile DefensiveTechniqueNode; class PasswordFile ArtifactNode; click RestoreFile href "/technique/d3f:RestoreFile"; RestoreFile["Restore File"] --> | restores | OperatingSystemFile["Operating System File"]; class RestoreFile DefensiveTechniqueNode; class OperatingSystemFile ArtifactNode; click RestoreFile href "/technique/d3f:RestoreFile"; FileAnalysis["File Analysis"] --> | analyzes | OperatingSystemFile["Operating System File"]; FileAnalysis["File Analysis"] -.-> | May Detect | T1003["OS Credential Dumping"] ; class FileAnalysis DefensiveTechniqueNode; class OperatingSystemFile ArtifactNode; click FileAnalysis href "/technique/d3f:FileAnalysis"; FileAnalysis["File 
Analysis"] --> | analyzes | PasswordFile["Password File"]; class FileAnalysis DefensiveTechniqueNode; class PasswordFile ArtifactNode; click FileAnalysis href "/technique/d3f:FileAnalysis"; ProcessLineageAnalysis["Process Lineage Analysis"] --> | analyzes | AuthenticationService["Authentication Service"]; ProcessLineageAnalysis["Process Lineage Analysis"] -.-> | May Detect | T1003["OS Credential Dumping"] ; class ProcessLineageAnalysis DefensiveTechniqueNode; class AuthenticationService ArtifactNode; click ProcessLineageAnalysis href "/technique/d3f:ProcessLineageAnalysis"; ProcessLineageAnalysis["Process Lineage Analysis"] --> | analyzes | Process["Process"]; class ProcessLineageAnalysis DefensiveTechniqueNode; class Process ArtifactNode; click ProcessLineageAnalysis href "/technique/d3f:ProcessLineageAnalysis"; SystemFileAnalysis["System File Analysis"] --> | analyzes | OperatingSystemFile["Operating System File"]; SystemFileAnalysis["System File Analysis"] -.-> | May Detect | T1003["OS Credential Dumping"] ; class SystemFileAnalysis DefensiveTechniqueNode; class OperatingSystemFile ArtifactNode; click SystemFileAnalysis href "/technique/d3f:SystemFileAnalysis"; HostReboot["Host Reboot"] --> | terminates | AuthenticationService["Authentication Service"]; HostReboot["Host Reboot"] -.-> | May Evict | T1003["OS Credential Dumping"] ; class HostReboot DefensiveTechniqueNode; class AuthenticationService ArtifactNode; click HostReboot href "/technique/d3f:HostReboot"; HostReboot["Host Reboot"] --> | terminates | Process["Process"]; class HostReboot DefensiveTechniqueNode; class Process ArtifactNode; click HostReboot href "/technique/d3f:HostReboot"; MandatoryAccessControl["Mandatory Access Control"] --> | isolates | Process["Process"]; MandatoryAccessControl["Mandatory Access Control"] -.-> | May Isolate | T1003["OS Credential Dumping"] ; class MandatoryAccessControl DefensiveTechniqueNode; class Process ArtifactNode; click MandatoryAccessControl href 
"/technique/d3f:MandatoryAccessControl"; MandatoryAccessControl["Mandatory Access Control"] --> | isolates | AuthenticationService["Authentication Service"]; class MandatoryAccessControl DefensiveTechniqueNode; class AuthenticationService ArtifactNode; click MandatoryAccessControl href "/technique/d3f:MandatoryAccessControl";