{"description": "Enterprise techniques mitigated by Credential Access Protection, ATT&CK mitigation M1043 (v1.2)", "name": "Credential Access Protection (M1043)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "18", "navigator": "5.2.0"}, "techniques": [{"techniqueID": "T1547", "showSubtechniques": true}, {"techniqueID": "T1547.008", "comment": "On Windows 10 and Server 2016, enable Windows Defender Credential Guard (Citation: Microsoft Enable Cred Guard April 2017) to run lsass.exe in an isolated virtualized environment without any device drivers. (Citation: Microsoft Credential Guard April 2017)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1601", "comment": "Some embedded network devices are capable of storing passwords for local accounts in either plain-text or encrypted formats.  Ensure that, where available, local passwords are always encrypted, per vendor recommendations. (Citation: Cisco IOS Software Integrity Assurance - Credentials Management)", "score": 1, "showSubtechniques": true}, {"techniqueID": "T1601.001", "comment": "Some embedded network devices are capable of storing passwords for local accounts in either plain-text or encrypted formats.  Ensure that, where available, local passwords are always encrypted, per vendor recommendations. (Citation: Cisco IOS Software Integrity Assurance - Credentials Management)", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
{"techniqueID": "T1601.002", "comment": "Some embedded network devices are capable of storing passwords for local accounts in either plain-text or encrypted formats.  Ensure that, where available, local passwords are always encrypted, per vendor recommendations. (Citation: Cisco IOS Software Integrity Assurance - Credentials Management)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1599", "comment": "Some embedded network devices are capable of storing passwords for local accounts in either plain-text or encrypted formats.  Ensure that, where available, local passwords are always encrypted, per vendor recommendations.(Citation: Cisco IOS Software Integrity Assurance - AAA)", "score": 1, "showSubtechniques": true}, {"techniqueID": "T1599.001", "comment": "Some embedded network devices are capable of storing passwords for local accounts in either plain-text or encrypted formats.  Ensure that, where available, local passwords are always encrypted, per vendor recommendations. (Citation: Cisco IOS Software Integrity Assurance - AAA)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1003", "comment": "With Windows 10, Microsoft implemented new protections called Credential Guard to protect the LSA secrets that can be used to obtain credentials through forms of credential dumping. It is not configured by default and has hardware and firmware system requirements. (Citation: TechNet Credential Guard) It also does not protect against all forms of credential dumping. (Citation: GitHub SHB Credential Guard)", "score": 1, "showSubtechniques": true},
{"techniqueID": "T1003.001", "comment": "With Windows 10, Microsoft implemented new protections called Credential Guard to protect the LSA secrets that can be used to obtain credentials through forms of credential dumping. It is not configured by default and has hardware and firmware system requirements. It also does not protect against all forms of credential dumping.(Citation: TechNet Credential Guard)(Citation: GitHub SHB Credential Guard)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1558", "comment": "On Linux systems, protect resources with Security Enhanced Linux (SELinux) by defining entry points, process types, and file labels.(Citation: Brining MimiKatz to Unix) ", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1558.005", "comment": "Protect resources with Security Enhanced Linux (SELinux) by defining entry points, process types, and file labels.(Citation: Brining MimiKatz to Unix) ", "score": 1, "color": "#66b1ff", "showSubtechniques": true}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "mitigated by Credential Access Protection", "color": "#66b1ff"}]}