Hello, and welcome to this course in which we're talking about Python for credential access. In this video, we're going to introduce the credential access tactic of the MITRE ATT&CK Framework, and discuss some techniques that we can use to accomplish credential access. So, user credentials are a very valuable potential resource for an attacker for a variety of different reasons. One application of user credentials is expanding access. So if you can identify user credentials belonging to different systems, application or domain level network credentials, you have the potential to leverage those credentials to expand and move laterally through the target network. Another application of user credentials is elevating permissions on compromised systems. If an attacker can gain access to a low level user account, and use that to gain access to credentials for more privileged accounts, they can take over and use the permissions associated with that more privileged account to carry out their goals. And then finally, user credentials are useful for providing persistence and impairing detection. So, user accounts are used for legitimate purposes on the system. And so if an attacker has access to a user account and the defender doesn't realize that, then it can be more difficult to differentiate the attack from legitimate system use. And also, if the attacker's malware and potentially other influence on the system is destroyed, if they still have a valid login for a valid user account, they can simply reauthenticate, re-access the system and continue their attack. And so, because user credentials are so valuable to an attacker accessing these credentials, is a common stage in cyber attacks. The credentials can advance the attackers goals for all the reasons that we've discussed above. And even if they're not valuable in the short term, they're also useful commodities. User credentials are commonly for sale on dark web market places. And so if an attacker has compromised credentials, they may be able to get some value out of that data as well. And so, user credentials are a common weakness in organizations and networks defenses, because there's a variety of different ways that an attacker could compromise these credentials. Some ways to accomplish this from the outside are using Brute Force network sniffing, phishing, etc. So getting the credentials from the user or by taking advantage of internet facing authentication portals or network traffic. There's also want opportunities for credential access once an attacker is inside the system by taking advantage of credential stores, and dumping credentials from the operating system. Additionally, credentials aren't limited to usernames and passwords, it may be possible that an attacker could steal an application, access token or steal or forge Kerberos certificates. And so in this course, we're going to talk about two methods for using Python to gain access to user credentials. The first of these is taking advantage of Credentials and Password Stores. Or more specifically, the credentials that are stored by a Web Browser. After that, we'll discuss network sniffing and how that can provide additional access to User credentials from the network. And so in the next video, we'll start out with an introduction to the technique of extracting credentials from password stores. Thank you.
