Esc
Password Cracking - T1110.002
(ATT&CK® Technique)
Definition
Adversaries may use password cracking to attempt to recover usable credentials, such as plaintext passwords, when credential material such as password hashes are obtained. OS Credential Dumping can be used to obtain password hashes, this may only get an adversary so far when Pass the Hash is not an option. Further, adversaries may leverage Data from Configuration Repository in order to obtain hashed credentials for network devices.
D3FEND Inferred Relationships
Browse the D3FEND knowledge graph by clicking on the nodes below.
graph LR;
T1110002["Password Cracking"] --> |accesses| Password["Password"]; class T1110002 OffensiveTechniqueNode;
class Password ArtifactNode; click Password href "/dao/artifact/d3f:Password";
click T1110002 href "/offensive-technique/attack/T1110.002/"; click Password href "/dao/artifact/d3f:Password"; CredentialRotation["Credential Rotation"] -->
| regenerates | Password["Password"];
CredentialRotation["Credential Rotation"] -.->
| May Harden | T1110002["Password Cracking"] ;
class CredentialRotation DefensiveTechniqueNode;
class Password ArtifactNode;
click CredentialRotation href "/technique/d3f:CredentialRotation"; CredentialTransmissionScoping["Credential Transmission Scoping"] -->
| restricts | Password["Password"];
CredentialTransmissionScoping["Credential Transmission Scoping"] -.->
| May Harden | T1110002["Password Cracking"] ;
class CredentialTransmissionScoping DefensiveTechniqueNode;
class Password ArtifactNode;
click CredentialTransmissionScoping href "/technique/d3f:CredentialTransmissionScoping"; One-timePassword["One-time Password"] -->
| use-limits | Password["Password"];
One-timePassword["One-time Password"] -.->
| May Harden | T1110002["Password Cracking"] ;
class One-timePassword DefensiveTechniqueNode;
class Password ArtifactNode;
click One-timePassword href "/technique/d3f:One-timePassword"; StrongPasswordPolicy["Strong Password Policy"] -->
| strengthens | Password["Password"];
StrongPasswordPolicy["Strong Password Policy"] -.->
| May Harden | T1110002["Password Cracking"] ;
class StrongPasswordPolicy DefensiveTechniqueNode;
class Password ArtifactNode;
click StrongPasswordPolicy href "/technique/d3f:StrongPasswordPolicy"; CredentialRevocation["Credential Revocation"] -->
| deletes | Password["Password"];
CredentialRevocation["Credential Revocation"] -.->
| May Evict | T1110002["Password Cracking"] ;
class CredentialRevocation DefensiveTechniqueNode;
class Password ArtifactNode;
click CredentialRevocation href "/technique/d3f:CredentialRevocation"; AuthenticationCacheInvalidation["Authentication Cache Invalidation"] -->
| deletes | Password["Password"];
AuthenticationCacheInvalidation["Authentication Cache Invalidation"] -.->
| May Evict | T1110002["Password Cracking"] ;
class AuthenticationCacheInvalidation DefensiveTechniqueNode;
class Password ArtifactNode;
click AuthenticationCacheInvalidation href "/technique/d3f:AuthenticationCacheInvalidation"; DecoyUserCredential["Decoy User Credential"] -->
| spoofs | Password["Password"];
DecoyUserCredential["Decoy User Credential"] -.->
| May Deceive | T1110002["Password Cracking"] ;
class DecoyUserCredential DefensiveTechniqueNode;
class Password ArtifactNode;
click DecoyUserCredential href "/technique/d3f:DecoyUserCredential"; ReissueCredential["Reissue Credential"] -->
| restores | Password["Password"];
ReissueCredential["Reissue Credential"] -.->
| May Restore | T1110002["Password Cracking"] ;
class ReissueCredential DefensiveTechniqueNode;
class Password ArtifactNode;
click ReissueCredential href "/technique/d3f:ReissueCredential"; CredentialCompromiseScopeAnalysis["Credential Compromise Scope Analysis"] -->
| analyzes | Password["Password"];
CredentialCompromiseScopeAnalysis["Credential Compromise Scope Analysis"] -.->
| May Detect | T1110002["Password Cracking"] ;
class CredentialCompromiseScopeAnalysis DefensiveTechniqueNode;
class Password ArtifactNode;
click CredentialCompromiseScopeAnalysis href "/technique/d3f:CredentialCompromiseScopeAnalysis";