Open johnmccash opened 7 months ago

Minor quibble about PXE creds: I'd like to see this broken out into separate issues for each different type of credentials found. The different creds can appear under different circumstances, and prevention that is effective for some is not for others.

Actually, this would be for credential issues in general. It's currently kind of hard to parse out exactly which cred types are included in which category.

Thanks for submitting this @johnmccash! We'll discuss this. For context, we initially set out to create attack technique entries only for the situations we have offensive tooling/abuse techniques for, but I agree that different situations require different remediations. PREVENT-10 is somewhat of a catch-all, but could use more detail about how to determine which accounts are present in a given environment.

I agree that the content of CRED-1-4 should be expanded to cover other credential material that can be recovered. We wouldn't create new CRED techniques for this because the TTPs are the same, just different credentials exposed in different situations. I'll move this issue to the backlog so we can expand on those. We'd appreciate any contributions.