Unsecured Credentials and Domain Accounts

Threat actors use the techniques Unsecured Credentials and Domain Accounts to obtain credential access and gain persistence. In this emulation of how the threat group APT29 would use these techniques, you will get hands-on practice detecting this activity so you can protect your organization from highly sophisticated advanced persistent threats.

Time
1 hour 15 minutes
Difficulty
Intermediate
CEU/CPE
1
Share
NEED TO TRAIN YOUR TEAM? LEARN MORE
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Sign up with Google
Sign up with Apple
Sign up with Microsoft
View all SSO options

Already have an account? Sign In »

Course Content
Campaign Overview
10m

2.1What is the “Unsecured Credentials” Technique?

10m

2.2What is the “Valid Accounts: Domain Accounts” Technique?

5m

2.3Detection, Validation, and Mitigation (Lab)

50m
Course Description

This course focuses on the stage of an attack where threat actors work to obtain unauthorized access to additional accounts and credentials in the target environment or application. The safekeeping of credentials to environments, systems and applications has long been a core, cybersecurity challenge. Entire product lines revolve around this need, ranging from access brokers to privileged access management solutions. Part of this challenge stems from the wide variety of locations that credentials are stored across the enterprise, and the lack of strong, default security practices around many of those locations. Add in the propensity of users to store their own credentials unsafely, and it becomes all too common for adversaries to discover Unsecured Credentials.

In this course we will review a specific type of credential - Active Directory certificates.

Learn how to detect and mitigate these techniques to protect your organization from this highly sophisticated attack.

Apply what you learn and get the hands-on skills you need in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by the threat group APT29. Prevent adversaries from accomplishing the tactic of credential access.

Instructed By
Chris Daywalt

Chris Daywalt

Security Freelancer

Instructor
Matthew Mullins

Matthew Mullins

Technical Manager, Red Team

Instructor
Provider
Cybrary
Certificate of Completion
Certificate Of Completion

Complete this entire course to earn a Unsecured Credentials and Domain Accounts Certificate of Completion