ATT&CK-CN V1.01 Last Update: 2019-11 [返回索引页]

译者: 林妙倩(清华大学网络研究院网络空间安全实习生)、戴亦仑(赛宁网安) 原创翻译作品,如果需要转载请取得翻译作者同意。

数据来源:ATT&CK Matrices

原文: https://attack.mitre.org/tactics/TA0031/

术语表: /attack/glossary

Credential Access

Credential access represents techniques that can be used by adversaries to obtain access to or control over passwords, tokens, cryptographic keys, or other values that could be used by an adversary to gain unauthorized access to resources. Credential access allows the adversary to assume the identity of an account, with all of that account's permissions on the system and network, and makes it harder for defenders to detect the adversary. With sufficient access within a network, an adversary can create accounts for later use within the environment.

凭据访问

凭据访问(Credential Access)表示攻击者使用的技术,这些技术用于获取或控制密码,令牌,加密密钥或其他可以被攻击者用来获取对资源的未授权访问的值。凭据访问权限允许攻击者获取帐户的身份,并拥有该帐户在系统和网络上的所有权限,并使防御者更难以检测到攻击者。利用对网络的足够的访问权限,攻击者可以创建帐户以供以后在该环境中使用。