
gsecdump

gsecdump is a publicly-available credential dumper used to obtain password hashes and LSA secrets from Windows operating systems. [1]

ID: S0008
Aliases: gsecdump
Type: TOOL
Platforms: Windows

Version: 1.0

Techniques Used

Domain: Enterprise
ID: T1003
Name: Credential Dumping
Use: gsecdump can dump Windows password hashes and LSA secrets. [1]

Groups

Groups that use this software:

APT1
BRONZE BUTLER
PittyTiger
Threat Group-3390

References