Credential Cracking
ID: | TEQ-040 |
Phase(s): | Attack Execution |
Tactic(s): | Account Takeover |
Credential cracking is when an adversary attempts to identify valid login credentials by guessing different values for usernames and/or password combinations. In some cases the adversary will guess both usernames and passwords, and in others will have some part of the credentials (such as the username) and will try to guess the mising details (such as the password). Adversaries often employ a "brute-force" methodology when guessing, trying all possible variations and/or lists of the most common passwords for example.