Summary
Monitor for any usage of these accounts, which will be pushed out to all clients in the site.
Linked Defensive IDs
- PREVENT-3: Harden or disable network access accounts
- PREVENT-10: Enforce the principle of least privilege for accounts
Associated Offensive IDs
- CRED-1: Retrieve secrets from PXE boot media
- CRED-2: Request machine policy and deobfuscate secrets
- CRED-3: Dump currently deployed secrets via WMI
- CRED-4: Retrieve legacy secrets from the CIM repository
- CRED-5: Dump credentials from the site database