all InfoSec news
How to Automate Incident Response to MITRE ATT&CK Technique T1003: OS Credential Dumping
Source: System Weakness (Medium), systemweakness.com
In this blog post I’ll outline four incident response playbooks for MITRE ATT&CK Technique T1003: OS Credential Dumping. Credential Dumping is a technique that allows adversaries to steal user authentication materials, such as usernames and passwords, often from system memory. The indicators of compromise associated with this technique include unexpected and extensive read operations on system memory, suspicious processes, and anomalous network traffic patterns. By leveraging automation, security teams can become more strategic with their incident response and rest easy, …