← LibraryTechnique entry
T1003.002Credential Access
Security Account Manager
Dump local SAM/SYSTEM hives to recover local account hashes.
§ Where this technique fits
T1003.002 is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.
Authoritative reference: attack.mitre.org/techniques/T1003/002/.