Matrices • Cyber Pulse Academy

Cyber Pulse Academy

Latest News

Proactive Defense: Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

Proactive Defense: Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

CISA Flags Critical SolarWinds Web Help Desk RCE Bug Under Active Attack

CISA Flags Critical SolarWinds Web Help Desk RCE Bug Under Active Attack

DockerDash Vulnerability: Critical AI Flaw in Docker Desktop Enables Code Execution via Image Metadata

DockerDash Vulnerability: Critical AI Flaw in Docker Desktop Enables Code Execution via Image Metadata

When the Cloud Fails: Protecting Identity Systems from Widespread Outages

When the Cloud Fails: Protecting Identity Systems from Widespread Outages

Metro4Shell Under Fire: How Attackers Exploit CVE-2025-11953 in React Native Tooling

Metro4Shell Under Fire: How Attackers Exploit CVE-2025-11953 in React Native Tooling

APT28 Weaponizes Microsoft Office CVE-2026-21509: A Deep Dive into Operation Neusploit

APT28 Weaponizes Microsoft Office CVE-2026-21509: A Deep Dive into Operation Neusploit

Firefox’s One-Click AI Kill Switch: Master Your Generative AI Privacy

Firefox’s One-Click AI Kill Switch: Master Your Generative AI Privacy

Lotus Blossom’s Notepad++ Supply Chain Attack: A Deep Dive into the Chrysalis Backdoor

Lotus Blossom’s Notepad++ Supply Chain Attack: A Deep Dive into the Chrysalis Backdoor

341 Malicious ClawHub Skills Exposed in OpenClaw Supply Chain Attack

341 Malicious ClawHub Skills Exposed in OpenClaw Supply Chain Attack

Critical OpenClaw Remote Code Execution: One-Click Exploit Puts AI Assistants at Risk

Critical OpenClaw Remote Code Execution: One-Click Exploit Puts AI Assistants at Risk

NTLM Phase-Out: Microsoft’s 3-Stage Plan to Move Windows to Kerberos

NTLM Phase-Out: Microsoft’s 3-Stage Plan to Move Windows to Kerberos

Complete Mid-Market Threat Lifecycle Protection: A Beginner’s Blueprint to Outsmart Attackers

Complete Mid-Market Threat Lifecycle Protection: A Beginner’s Blueprint to Outsmart Attackers

Notepad++ Update Hijack: Critical Supply Chain Attack Exposed

Notepad++ Update Hijack: Critical Supply Chain Attack Exposed

eScan Update Server Breach: When Trusted Antivirus Updates Turn Into Malware

eScan Update Server Breach: When Trusted Antivirus Updates Turn Into Malware

Open VSX Supply Chain Attack: How a Compromised Dev Account Spread GlassWorm Malware to 22,000+ Users

Open VSX Supply Chain Attack: How a Compromised Dev Account Spread GlassWorm Malware to 22,000+ Users

Chainlit AI Framework Vulnerabilities Expose Data to File Read and SSRF Attacks

Chainlit AI Framework Vulnerabilities Expose Data to File Read and SSRF Attacks

AI-Assisted VoidLink Linux Malware Surpasses 88,000 Lines of Code

AI-Assisted VoidLink Linux Malware Surpasses 88,000 Lines of Code

LastPass Alerts Users to Fake Maintenance Scams After Master Passwords

LastPass Alerts Users to Fake Maintenance Scams After Master Passwords

CERT/CC warns binary-parser Bug Enables Node.js Privilege Escalation

CERT/CC warns binary-parser Bug Enables Node.js Privilege Escalation

Malicious VS Code Projects Used by North Korean Hackers to Target Developers

Malicious VS Code Projects Used by North Korean Hackers to Target Developers

Critical Vulnerabilities in Anthropic’s MCP Git Server Allow File Access and Code Execution

Critical Vulnerabilities in Anthropic’s MCP Git Server Allow File Access and Code Execution

LinkedIn Messages Deliver Malware Via DLL Sideloading

LinkedIn Messages Deliver Malware Via DLL Sideloading

The Unseen Danger of Abandoned Accounts

The Unseen Danger of Abandoned Accounts

VS Code Extensions Exploited by Evelyn Stealer for Data Theft

VS Code Extensions Exploited by Evelyn Stealer for Data Theft

Cloudflare Patches ACME Bug That Permitted WAF Bypass

Cloudflare Patches ACME Bug That Permitted WAF Bypass

Why JavaScript Bundles Continue to Leak Undiscovered Secrets

Why JavaScript Bundles Continue to Leak Undiscovered Secrets

Tudou Guarantee Halts Telegram Transactions, Having Handled More Than $12 Billion.

Tudou Guarantee Halts Telegram Transactions, Having Handled More Than $12 Billion.

Security Flaw in Google Gemini Allowed Access to Private Calendars via Fake Invites

Security Flaw in Google Gemini Allowed Access to Private Calendars via Fake Invites

The Hidden Toll of Cloud Downtime

The Hidden Toll of Cloud Downtime

StackWarp Flaw Bypasses AMD SEV-SNP on Zen 1–5 CPUs

StackWarp Flaw Bypasses AMD SEV-SNP on Zen 1–5 CPUs

Malicious Chrome extension spreads ModeloRAT via fake crash lures.

Malicious Chrome extension spreads ModeloRAT via fake crash lures.

StealC Panel Flaw Let Researchers Monitor Hackers

StealC Panel Flaw Let Researchers Monitor Hackers

Ransomware Leader Hunted Internationally via EU, INTERPOL Alerts

Ransomware Leader Hunted Internationally via EU, INTERPOL Alerts

OpenAI introduces ads for free U.S. ChatGPT users

OpenAI introduces ads for free U.S. ChatGPT users

GootLoader evades detection with hundreds of nested ZIP files.

GootLoader evades detection with hundreds of nested ZIP files.

Malicious Chrome Extensions Pose as Workday, NetSuite to Hijack Accounts

Malicious Chrome Extensions Pose as Workday, NetSuite to Hijack Accounts

Your Online Traces Can Reveal Your Home Address

Your Online Traces Can Reveal Your Home Address

LOTUSLITE Backdoor Targets U.S. Policy Groups with Venezuela-Themed Phishing

LOTUSLITE Backdoor Targets U.S. Policy Groups with Venezuela-Themed Phishing

China-Linked APT Breaches Critical Infrastructure via Sitecore Zero-Day

China-Linked APT Breaches Critical Infrastructure via Sitecore Zero-Day

China-Linked APT Exploits Cisco Zero-Day, Patched in Email Gateways

China-Linked APT Exploits Cisco Zero-Day, Patched in Email Gateways

AWS CodeBuild Misconfiguration Could Have Led to GitHub Supply Chain Attacks

AWS CodeBuild Misconfiguration Could Have Led to GitHub Supply Chain Attacks

Critical WordPress Modularity Plugin Under Active Attack for Full Site Takeover

Critical WordPress Modularity Plugin Under Active Attack for Full Site Takeover

Reprompt Attack Enables Single-Click Data Theft from Microsoft Copilot

Reprompt Attack Enables Single-Click Data Theft from Microsoft Copilot

Workflow Security, Not Model Security, Is the Critical Risk

Workflow Security, Not Model Security, Is the Critical Risk

Four Obsolete SOC Practices Increasing MTTR in 2026

Four Obsolete SOC Practices Increasing MTTR in 2026

Microsoft Takedown Dismantles RedVDS Criminal Network for Online Fraud

Microsoft Takedown Dismantles RedVDS Criminal Network for Online Fraud

Palo Alto Patches Critical DoS Flaw in GlobalProtect That Crashes Firewalls Pre-Authentication

Palo Alto Patches Critical DoS Flaw in GlobalProtect That Crashes Firewalls Pre-Authentication

Researchers Sinkhole Over 550 Kimwolf and Aisuru Botnet C2 Servers

Researchers Sinkhole Over 550 Kimwolf and Aisuru Botnet C2 Servers

AI Agents Emerge as New Authorization Bypass Threat

AI Agents Emerge as New Authorization Bypass Threat

Attackers Abuse c-ares DLL Side-Loading Vulnerability to Evade Defenses and Deploy Malware

Attackers Abuse c-ares DLL Side-Loading Vulnerability to Evade Defenses and Deploy Malware

Cyber Keywords
Cyber News
- 2026
  - January
  - February
Cyber Courses
MITRE ATT&CK
Contact Us

Cyber Keywords
Cyber News
- 2026
  - January
  - February
Cyber Courses
MITRE ATT&CK
Contact Us

End of Content.

Home
/
Matrices

RECONNAISSANCE

11

Gathering information to plan future operations

Active Scanning (T1595)
Gather Victim Host Information (T1592)
Gather Victim Identity Information (T1589)
Gather Victim Network Information (T1590)
Gather Victim Org Info (T1591)
Phishing for Information (T1598)
Search Closed Sources (T1597)
- Threat Intel Vendors (.001)
- Purchase Technical Data (.002)
Search Open Technical Databases (T1596)
Search Open Websites/Domains (T1593)
Search Threat Vendor Data (T1681)
Search Victim-Owned Websites (T1594)

RESOURCE DEVELOPMENT

8

Establishing resources to support operations

Acquire Access (T1650)
Acquire Infrastructure (T1583)
Compromise Accounts (T1586)
Compromise Infrastructure (T1584)
Develop Capabilities (T1587)
Establish Accounts (T1585)
Obtain Capabilities (T1588)
Stage Capabilities (T1608)

INITIAL ACCESS

11

Gaining initial foothold in the network

Content Injection (T1659)
Drive-by Compromise (T1189)
Exploit Public-Facing Application (T1190)
External Remote Services (T1133)
Hardware Additions (T1200)
Phishing (T1566)
Replication Through Removable Media (T1091)
Supply Chain Compromise (T1195)
Trusted Relationship (T1199)
Valid Accounts (T1078)
Wi-Fi Networks (T1669)

EXECUTION

17

Running malicious code on victim systems

Cloud Administration Command (T1651)
Command and Scripting Interpreter (T1059)
Container Administration Command (T1609)
Deploy Container (T1610)
ESXi Administration Command (T1675)
Exploitation for Client Execution (T1203)
Input Injection (T1674)
Inter-Process Communication (T1559)
Native API (T1106)
Poisoned Pipeline Execution (T1677)
Scheduled Task/Job (T1053)
Serverless Execution (T1648)
Shared Modules (T1129)
Software Deployment Tools (T1072)
System Services (T1569)
User Execution (T1204)
Windows Management Instrumentation (T1047)

PERSISTENCE

23

Maintaining foothold across system reboots

Account Manipulation (T1098)
- Additional Cloud Credentials (.001)
- Additional Email Delegate Permissions (.002)
- Additional Cloud Roles (.003)
- SSH Authorized Keys (.004)
- Device Registration (.005)
- Additional Container Cluster Roles (.006)
- Additional Local or Domain Groups (.007)
BITS Jobs (T1197)
Boot or Logon Autostart Execution (T1547)
- Registry Run Keys / Startup Folder (.001)
- Authentication Package (.002)
- Time Providers (.003)
- Winlogon Helper DLL (.004)
- Security Support Provider (.005)
- Kernel Modules and Extensions (.006)
- Re-opened Applications (.007)
- LSASS Driver (.008)
- Shortcut Modification .0029)
- Port Monitors (.010)
- Print Processors (.012)
- XDG Autostart Entries (.013)
- Active Setup (.014)
- Login Items (.015)
Boot or Logon Initialization Scripts (T1037)
- Logon Script (Windows) (.001)
- Login Hook (.002)
- Network Logon Script (.003)
- RC Scripts (.004)
- Startup Items (.005)
Cloud Application Integration (T1671)
Compromise Host Software Binary (T1554)
Create Account (T1136)
- Local Account (.001)
- Domain Account (.002)
- Cloud Account (.003)
Create or Modify System Process (T1543)
- Launch Agent (.001)
- Systemd Service (.002)
- Windows Service (.003)
- Launch Daemon (.004)
- Container Service (.005)
Event Triggered Execution (T1546)
- Change Default File Association (.001)
- Screensaver (.002)
- Windows Management Instrumentation Event Subscription (.003)
- Unix Shell Configuration Modification (.004)
- Trap (.005)
- LC_LOAD_DYLIB Addition (.006)
- Netsh Helper DLL (.007)
- Accessibility Features (.008)
- AppCert DLLs (.009)
- AppInit DLLs (.010)
- Application Shimming (.011)
- Image File Execution Options Injection (.012)
- PowerShell Profile (.013)
- Emond (.014)
- Component Object Model Hijacking (.015)
- Installer Packages (.016)
- Udev Rules (.017)
- Python Startup Hooks (.018)
Exclusive Control (T1668)
External Remote Services (T1133)
Hijack Execution Flow (T1574)
- DLL (.001)
- Dylib Hijacking (.004)
- Executable Installer File Permissions Weakness (.005)
- Dynamic Linker Hijacking (.006)
- Path Interception by PATH Environment Variable (.007)
- Path Interception by Search Order Hijacking (.008)
- Path Interception by Unquoted Path (.009)
- Services File Permissions Weakness (.010)
- Services Registry Permissions Weakness (.011)
- COR_PROFILER (.012)
- KernelCallbackTable (.013)
- AppDomainManager (.014)
Implant Internal Image (T1525)
Modify Authentication Process (T1556)
- Domain Controller Authentication (.001)
- Password Filter DLL (.002)
- Pluggable Authentication Modules (.003)
- Network Device Authentication (.004)
- Reversible Encryption (.005)
- Multi-Factor Authentication (.006)
- Hybrid Identity (.007)
- Network Provider DLL (.008)
- Conditional Access Policies (.009)
Modify Registry (T1112)
Office Application Startup (T1137)
- Office Template Macros (.001)
- Office Test (.002)
- Outlook Forms (.003)
- Outlook Home Page (.004)
- Outlook Rules (.005)
- Add-ins (.006)
Power Settings (T1653)
Pre-OS Boot (T1542)
- System Firmware (.001)
- Component Firmware (.02)
- Bootkit (.003)
- ROMMONkit (.004)
- TFTP Boot (.005)
Scheduled Task/Job (T1053)
- At (.002)
- Cron (.003)
- Scheduled Task (.005)
- Systemd Timers (.006)
- Container Orchestration Job (.007)
Server Software Component (T1505)
- SQL Stored Procedures (.001)
- Transport Agent (.002)
- Web Shell (.003)
- IIS Components (.004)
- Terminal Services DLL (.005)
- vSphere Installation Bundles (.006)
Software Extensions (T1176)
- Browser Extensions (.001)
- IDE Extensions (.002)
Traffic Signaling (T1205)
- Port Knocking (.001)
- Socket Filters (.002)
Valid Accounts (T1078)
- Default Accounts (.001)
- Domain Accounts (.002)
- Local Accounts (.003)
- Cloud Accounts (.004)

PRIVILEGE ESCALATION

14

Gaining higher-level permissions

Abuse Elevation Control Mechanism (T1548)
Access Token Manipulation (T1134)
Account Manipulation (T1098)
Boot or Logon Autostart Execution (T1547)
Boot or Logon Initialization Scripts (T1037)
Create or Modify System Process (T1543)
Domain or Tenant Policy Modification (T1484)
- Group Policy Modification (.001)
- Trust Modification (.002)
Escape to Host (T1611)
Event Triggered Execution (T1546)
Exploitation for Privilege Escalation (T1068)
Hijack Execution Flow (T1574)
Process Injection (T1055)
Scheduled Task/Job (T1053)
Valid Accounts (T1078)

DEFENSE EVASION

47

Avoiding detection by security controls

Abuse Elevation Control Mechanism (T1548)
- Setuid and Setgid (.001)
- Bypass User Account Control (.002)
- Sudo and Sudo Caching (.003)
- Elevated Execution with Prompt (.004)
- Temporary Elevated Cloud Access (.005)
- TCC Manipulation (.006)
Access Token Manipulation (T1134)
- Token Impersonation/Theft (.001)
- Create Process with Token (.002)
- Make and Impersonate Token (.003)
- Parent PID Spoofing (.004)
- SID-History Injection (.005)
BITS Jobs (T1197)
Build Image on Host (T1612)
Debugger Evasion (T1622)
Delay Execution (T1678)
Deobfuscate/Decode Files or Information (T1140)
Deploy Container (T1610)
Direct Volume Access (T1006)
Domain or Tenant Policy Modification (T1484)
- Group Policy Modification (.001)
- Trust Modification (.002)
Email Spoofing (T1672)
Execution Guardrails (T1480)
- Environmental Keying (.001)
- Mutual Exclusion (.002)
Exploitation for Defense Evasion (T1211)
File and Directory Permissions Modification (T1222)
- Windows File and Directory Permissions Modification (.001)
- Linux and Mac File and Directory Permissions Modification (.002)
Hide Artifacts (T1564)
- Hidden Files and Directories (.001)
- Hidden Users (.002)
- Hidden Window (.003)
- NTFS File Attributes (.004)
- Hidden File System (.005)
- Run Virtual Instance (.006)
- VBA Stomping (.007)
- Email Hiding Rules (.008)
- Resource Forking (.009)
- Process Argument Spoofing (.010)
- Ignore Process Interrupts (.011)
- File/Path Exclusions (.012)
- Bind Mounts (.013)
- Extended Attributes (.014)
Hijack Execution Flow (T1574)
- DLL (.001)
- Dylib Hijacking (.004)
- Executable Installer File Permissions Weakness (.005)
- Dynamic Linker Hijacking (.006)
- Path Interception by PATH Environment Variable (.007)
- Path Interception by Search Order Hijacking (.008)
- Path Interception by Unquoted Path (.009)
- Services File Permissions Weakness (.010)
- Services Registry Permissions Weakness (.011)
- COR_PROFILER (.012)
- KernelCallbackTable (.013)
- AppDomainManager (.014)
Impair Defenses (T1562)
- Disable or Modify Tools (.001)
- Disable Windows Event Logging (.002)
- Impair Command History Logging (.003)
- Disable or Modify System Firewall (.004)
- Indicator Blocking (.006)
- Disable or Modify Cloud Firewall (.007)
- Disable or Modify Cloud Logs (.008)
- Safe Mode Boot (.009)
- Downgrade Attack (.010)
- Spoof Security Alerting (.011)
- Disable or Modify Linux Audit System (.012)
- Disable or Modify Network Device Firewall (.013)
Impersonation (T1656)
Indicator Removal (T1070)
- Clear Windows Event Logs (.001)
- Clear Linux or Mac System Logs (.002)
- Clear Command History (.003)
- File Deletion (.004)
- Network Share Connection Removal (.005)
- Timestomp (.006)
- Clear Network Connection History and Configurations (.007)
- Clear Mailbox Data (.008)
- Clear Persistence (.009)
- Relocate Malware (.010)
Indirect Command Execution (T1202)
Masquerading (T1036)
- Invalid Code Signature (.001)
- Right-to-Left Override (.002)
- Rename Legitimate Utilities (.003)
- Masquerade Task or Service (.004)
- Match Legitimate Resource Name or Location (.005)
- Space after Filename (.006)
- Double File Extension (.007)
- Masquerade File Type (.008)
- Break Process Trees (.009)
- Masquerade Account Name (.010)
- Overwrite Process Arguments (.011)
- Browser Fingerprint (.012)
Modify Authentication Process (T1556)
- Domain Controller Authentication (.001)
- Password Filter DLL (.002)
- Pluggable Authentication Modules (.003)
- Network Device Authentication (.004)
- Reversible Encryption (.005)
- Multi-Factor Authentication (.006)
- Hybrid Identity (.007)
- Network Provider DLL (.008)
- Conditional Access Policies (.009)
Modify Cloud Compute Infrastructure (T1578)
- Create Snapshot (.001)
- Create Cloud Instance (.002)
- Delete Cloud Instance (.003)
- Revert Cloud Instance (.004)
- Modify Cloud Compute Configurations (.005)
Modify Cloud Resource Hierarchy (T1666)
Modify Registry (T1112)
Modify System Image (T1601)
- Patch System Image (.001)
- Downgrade System Image (.002)
Network Boundary Bridging (T1599)
- Network Address Translation Traversal (.001)
Obfuscated Files or Information (T1027)
- Binary Padding (.001)
- Software Packing (.002)
- Steganography (.003)
- Compile After Delivery (.004)
- Indicator Removal from Tools (.005)
- HTML Smuggling (.006)
- Dynamic API Resolution (.007)
- Stripped Payloads (.008)
- Embedded Payloads (.009)
- Command Obfuscation (.0110)
- Fileless Storage (.011)
- LNK Icon Smuggling (.012)
- Encrypted/Encoded File (.013)
- Polymorphic Code (.014)
- Compression (.015)
- Junk Code Insertion (.016)
- SVG Smuggling (.017)
Plist File Modification (T1647)
Pre-OS Boot (T1542)
- System Firmware (.001)
- Component Firmware (.002)
- Bootkit (.003)
- ROMMONkit (.004)
- TFTP Boot (.005)
Process Injection (T1055)
- Dynamic-link Library Injection (.001)
- Portable Executable Injection (.002)
- Thread Execution Hijacking (.003)
- Asynchronous Procedure Call (.004)
- Thread Local Storage (.005)
- Ptrace System Calls (.008)
- Proc Memory (.009)
- Extra Window Memory Injection (.011)
- Process Hollowing (.012)
- Process Doppelgänging (.013)
- VDSO Hijacking (.014)
- ListPlanting (.015)
Reflective Code Loading (T1620)
Rogue Domain Controller (T1207)
Rootkit (T1014)
Selective Exclusion (T1679)
Subvert Trust Controls (T1553)
- Gatekeeper Bypass (.001)
- Code Signing (.002)
- SIP and Trust Provider Hijacking (.003)
- Install Root Certificate (.004)
- Mark-of-the-Web Bypass (.005)
- Code Signing Policy Modification (.006)
System Binary Proxy Execution (T1218)
- Compiled HTML File (.001)
- Control Panel (.002)
- CMSTP (.003)
- InstallUtil (.004)
- Mshta (.005)
- Msiexec (.007)
- Odbcconf (.008)
- Regsvcs/Regasm (.009)
- Regsvr32 (.010)
- Rundll32 (.011)
- Verclsid (.012)
- Mavinject (.013)
- MMC (.014)
- Electron Applications (.015)
System Script Proxy Execution (T1216)
- PubPrn (.001)
- SyncAppvPublishingServer (.002)
Template Injection (T1221)
Traffic Signaling (T1205)
- Port Knocking (.001)
- Socket Filters (.002)
Trusted Developer Utilities Proxy Execution (T1127)
- MSBuild (.001)
- ClickOnce (.002)
- JamPlus (.003)
Unused/Unsupported Cloud Regions (T1535)
Use Alternate Authentication Material (T1550)
- Application Access Token (.001)
- Pass the Hash (.002)
- Pass the Ticket (.003)
- Web Session Cookie (.004)
Valid Accounts (T1078)
- Default Accounts (.001)
- Domain Accounts (.002)
- Local Accounts (.003)
- Cloud Accounts (.004)
Virtualization/Sandbox Evasion (T1497)
- System Checks (.001)
- User Activity Based Checks (.002)
- Time Based Checks (.003)
Weaken Encryption (T1600)
- Reduce Key Space (.001)
- Disable Crypto Hardware (.002)
XSL Script Processing (T1220)

CREDENTIAL ACCESS

17

Stealing account names and passwords

Brute Force
- Password Guessing
- Password Spraying
OS Credential Dumping
- LSASS Memory
- Security Account Manager
Credentials from Password Stores
- Windows Credential Manager
- Password Managers
Steal or Forge Kerberos Tickets
Unsecured Credentials
Network Sniffing

DISCOVERY

17

Stealing account names and passwords

Brute Force
- Password Guessing
- Password Spraying
OS Credential Dumping
- LSASS Memory
- Security Account Manager
Credentials from Password Stores
- Windows Credential Manager
- Password Managers
Steal or Forge Kerberos Tickets
Unsecured Credentials
Network Sniffing

LATERAL MOVEMENT

17

Stealing account names and passwords

Brute Force
- Password Guessing
- Password Spraying
OS Credential Dumping
- LSASS Memory
- Security Account Manager
Credentials from Password Stores
- Windows Credential Manager
- Password Managers
Steal or Forge Kerberos Tickets
Unsecured Credentials
Network Sniffing

COLLECTION

17

Stealing account names and passwords

Brute Force
- Password Guessing
- Password Spraying
OS Credential Dumping
- LSASS Memory
- Security Account Manager
Credentials from Password Stores
- Windows Credential Manager
- Password Managers
Steal or Forge Kerberos Tickets
Unsecured Credentials
Network Sniffing

COMMAND AND CONTROL

17

Stealing account names and passwords

Brute Force
- Password Guessing
- Password Spraying
OS Credential Dumping
- LSASS Memory
- Security Account Manager
Credentials from Password Stores
- Windows Credential Manager
- Password Managers
Steal or Forge Kerberos Tickets
Unsecured Credentials
Network Sniffing

EXFILTRATION

17

Stealing account names and passwords

Brute Force
- Password Guessing
- Password Spraying
OS Credential Dumping
- LSASS Memory
- Security Account Manager
Credentials from Password Stores
- Windows Credential Manager
- Password Managers
Steal or Forge Kerberos Tickets
Unsecured Credentials
Network Sniffing

IMPACT

17

Stealing account names and passwords

Brute Force
- Password Guessing
- Password Spraying
OS Credential Dumping
- LSASS Memory
- Security Account Manager
Credentials from Password Stores
- Windows Credential Manager
- Password Managers
Steal or Forge Kerberos Tickets
Unsecured Credentials
Network Sniffing

Cyber Keywords
Cyber News
- 2026
  - January
  - February
Cyber Courses
MITRE ATT&CK
Contact Us

Cyber Keywords
Cyber News
- 2026
  - January
  - February
Cyber Courses
MITRE ATT&CK
Contact Us

Facebook Linkedin Instagram Discord Tiktok

Copyright © 2026. All rights reserved

Ask ChatGPT

Word Limit

Set ChatGPT API key

Find your Secret API key in your ChatGPT User settings and paste it here to connect ChatGPT with your Courses LMS website.

Enable ChatGPT

Accelerate Cyber Pulse Academy

Join us in revolutionizing cybersecurity education.
Your contribution directly funds:

Certification Courses

Hands-On Labs

Threat Intelligence

Latest Cyber News

MITRE ATT&CK Breakdown

All Cyber Keywords

Every contribution moves us closer to our goal: making world-class cybersecurity education accessible to ALL.

Choose the amount of donation by yourself.

Every contribution helps us deliver better cybersecurity education, faster