The Mitre Att&ck Matrix has defined 17 sub-techniques to define the Credential Access Technique.
Adversary-in-the-Middle is when a threat actor intercepts traffic from a target to capture or manipulate before sending the data to the legitimate destination.
Brute Force is when a threat actor tries every possible password until a valid password is determined. This attack has a 100% success rate if given enough time when undetected. It can also be the most time-consuming.
Credentials from Password Stores are when a threat actor discovers a list/database of credentials stored on a system.
Exploitation for Credential Access is when an application that manages credentials or has credentials stored gets exploited, which results in the credentials getting leaked.
Forced Authentication is when a threat actor generates a prompt that asks for credentials to continue a fake task.
Forge Web Credentials are when a threat actor can generate a valid session cookie without knowing the credentials of their target.
Input Capture is when a threat actor utilizes hardware or software to capture user input in the hopes that the victim inadvertently provides credentials.
Modify Authentication Process is when a threat actor modifies an authentication process in a way that enables private keys or credentials can be obtained.
Network Sniffing is when a threat actor sniffs the network looking for credentials to get transmitted using insecure protocols such as HTTP or FTP.
OS Credential Dumping is when a threat actor locates and steals any known password hash that the threat actor knows about.
Steal Application Access Token is when a threat actor steals a session token belonging to an application, giving the threat actor access to a system with the same rights as the user the application is running as.
Steal or Forge Authentication Certificates this is when a threat actor steals or forges a certificate used for authentication purposes.
Steal or Forge Kerberos Tickets is when a threat actor steals or forges a Kerberos token for authentication.
Steal Web Session Cookie is when a threat actor steals a session cookie from a valid user.
Unsecured Credentials are plain text credentials stored physically or digitally in an environment.