Esc

Password Guessing - T1110.001

(ATT&CK® Technique)

Definition

Adversaries with no prior knowledge of legitimate credentials within the system or environment may guess passwords to attempt access to accounts. Without knowledge of the password for an account, an adversary may opt to systematically guess the password using a repetitive or iterative mechanism. An adversary may guess login credentials without prior knowledge of system or environment passwords during an operation by using a list of common passwords. Password guessing may or may not take into account the target's policies on password complexity or use policies that may lock accounts out after a number of failed attempts.

D3FEND Inferred Relationships

Browse the D3FEND knowledge graph by clicking on the nodes below.

        graph LR;

     T1110001["Password Guessing"] --> |accesses| Password["Password"]; class T1110001 OffensiveTechniqueNode;
        class Password ArtifactNode; click Password href "/dao/artifact/d3f:Password";
        click T1110001 href "/offensive-technique/attack/T1110.001/"; click Password href "/dao/artifact/d3f:Password"; T1110001["Password Guessing"] --> |modifies| AuthenticationLog["Authentication Log"]; class T1110001 OffensiveTechniqueNode;
        class AuthenticationLog ArtifactNode; click AuthenticationLog href "/dao/artifact/d3f:AuthenticationLog";
        click T1110001 href "/offensive-technique/attack/T1110.001/"; click AuthenticationLog href "/dao/artifact/d3f:AuthenticationLog"; T1110001["Password Guessing"] --> |produces| Authentication["Authentication"]; class T1110001 OffensiveTechniqueNode;
        class Authentication ArtifactNode; click Authentication href "/dao/artifact/d3f:Authentication";
        click T1110001 href "/offensive-technique/attack/T1110.001/"; click Authentication href "/dao/artifact/d3f:Authentication";                                       SessionDurationAnalysis["Session Duration Analysis"] -->
          | analyzes | Authentication["Authentication"];

          SessionDurationAnalysis["Session Duration Analysis"] -.->
            | May Detect | T1110001["Password Guessing"] ;
          class SessionDurationAnalysis DefensiveTechniqueNode;
          class Authentication ArtifactNode;
          click SessionDurationAnalysis href "/technique/d3f:SessionDurationAnalysis"; AuthenticationCacheInvalidation["Authentication Cache Invalidation"] -->
          | deletes | Password["Password"];

          AuthenticationCacheInvalidation["Authentication Cache Invalidation"] -.->
            | May Evict | T1110001["Password Guessing"] ;
          class AuthenticationCacheInvalidation DefensiveTechniqueNode;
          class Password ArtifactNode;
          click AuthenticationCacheInvalidation href "/technique/d3f:AuthenticationCacheInvalidation"; CredentialRevocation["Credential Revocation"] -->
          | deletes | Password["Password"];

          CredentialRevocation["Credential Revocation"] -.->
            | May Evict | T1110001["Password Guessing"] ;
          class CredentialRevocation DefensiveTechniqueNode;
          class Password ArtifactNode;
          click CredentialRevocation href "/technique/d3f:CredentialRevocation";                                        AuthenticationEventThresholding["Authentication Event Thresholding"] -->
          | analyzes | Authentication["Authentication"];

          AuthenticationEventThresholding["Authentication Event Thresholding"] -.->
            | May Detect | T1110001["Password Guessing"] ;
          class AuthenticationEventThresholding DefensiveTechniqueNode;
          class Authentication ArtifactNode;
          click AuthenticationEventThresholding href "/technique/d3f:AuthenticationEventThresholding"; CredentialCompromiseScopeAnalysis["Credential Compromise Scope Analysis"] -->
          | analyzes | Password["Password"];

          CredentialCompromiseScopeAnalysis["Credential Compromise Scope Analysis"] -.->
            | May Detect | T1110001["Password Guessing"] ;
          class CredentialCompromiseScopeAnalysis DefensiveTechniqueNode;
          class Password ArtifactNode;
          click CredentialCompromiseScopeAnalysis href "/technique/d3f:CredentialCompromiseScopeAnalysis"; ResourceAccessPatternAnalysis["Resource Access Pattern Analysis"] -->
          | analyzes | Authentication["Authentication"];

          ResourceAccessPatternAnalysis["Resource Access Pattern Analysis"] -.->
            | May Detect | T1110001["Password Guessing"] ;
          class ResourceAccessPatternAnalysis DefensiveTechniqueNode;
          class Authentication ArtifactNode;
          click ResourceAccessPatternAnalysis href "/technique/d3f:ResourceAccessPatternAnalysis";                                        CredentialRotation["Credential Rotation"] -->
          | regenerates | Password["Password"];

          CredentialRotation["Credential Rotation"] -.->
            | May Harden | T1110001["Password Guessing"] ;
          class CredentialRotation DefensiveTechniqueNode;
          class Password ArtifactNode;
          click CredentialRotation href "/technique/d3f:CredentialRotation"; CredentialTransmissionScoping["Credential Transmission Scoping"] -->
          | restricts | Password["Password"];

          CredentialTransmissionScoping["Credential Transmission Scoping"] -.->
            | May Harden | T1110001["Password Guessing"] ;
          class CredentialTransmissionScoping DefensiveTechniqueNode;
          class Password ArtifactNode;
          click CredentialTransmissionScoping href "/technique/d3f:CredentialTransmissionScoping";   StrongPasswordPolicy["Strong Password Policy"] -->
          | strengthens | Password["Password"];

          StrongPasswordPolicy["Strong Password Policy"] -.->
            | May Harden | T1110001["Password Guessing"] ;
          class StrongPasswordPolicy DefensiveTechniqueNode;
          class Password ArtifactNode;
          click StrongPasswordPolicy href "/technique/d3f:StrongPasswordPolicy";                                    One-timePassword["One-time Password"] -->
          | use-limits | Password["Password"];

          One-timePassword["One-time Password"] -.->
            | May Harden | T1110001["Password Guessing"] ;
          class One-timePassword DefensiveTechniqueNode;
          class Password ArtifactNode;
          click One-timePassword href "/technique/d3f:One-timePassword";  DecoyUserCredential["Decoy User Credential"] -->
          | spoofs | Password["Password"];

          DecoyUserCredential["Decoy User Credential"] -.->
            | May Deceive | T1110001["Password Guessing"] ;
          class DecoyUserCredential DefensiveTechniqueNode;
          class Password ArtifactNode;
          click DecoyUserCredential href "/technique/d3f:DecoyUserCredential";                            ReissueCredential["Reissue Credential"] -->
          | restores | Password["Password"];

          ReissueCredential["Reissue Credential"] -.->
            | May Restore | T1110001["Password Guessing"] ;
          class ReissueCredential DefensiveTechniqueNode;
          class Password ArtifactNode;
          click ReissueCredential href "/technique/d3f:ReissueCredential";

json