Forensic analysis of MITRE ATT&CK Techniques 4 - Credential Access
The previous blog post, Forensic analysis of MITRE ATT&CK Techniques - PART 3, explained the third phase of the adversary's activity. In that phase the adversary ensured persistence on the system by creating a local account and placing a malicious shortcut in the Startup Folder. According to the MITRE ATT&CK framework, the adversary's next goal is to use techniques that steal credentials such as account names and passwords.