Unsecured Credentials and Domain Accounts
Threat actors use the techniques Unsecured Credentials and Domain Accounts to obtain credential access and gain persistence. In this emulation of how the threat group APT29 would use these techniques, you will get hands-on practice detecting this activity so you can protect your organization from highly sophisticated advanced persistent threats.
2.1What is the “Unsecured Credentials” Technique?
2.2What is the “Valid Accounts: Domain Accounts” Technique?
2.3Detection, Validation, and Mitigation (Lab)
This course focuses on the stage of an attack where threat actors work to obtain unauthorized access to additional accounts and credentials in the target environment or application. The safekeeping of credentials to environments, systems and applications has long been a core, cybersecurity challenge. Entire product lines revolve around this need, ranging from access brokers to privileged access management solutions. Part of this challenge stems from the wide variety of locations that credentials are stored across the enterprise, and the lack of strong, default security practices around many of those locations. Add in the propensity of users to store their own credentials unsafely, and it becomes all too common for adversaries to discover Unsecured Credentials.
In this course we will review a specific type of credential - Active Directory certificates.
Learn how to detect and mitigate these techniques to protect your organization from this highly sophisticated attack.
Apply what you learn and get the hands-on skills you need in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by the threat group APT29. Prevent adversaries from accomplishing the tactic of credential access.
Complete this entire course to earn a Unsecured Credentials and Domain Accounts Certificate of Completion