Credential Dumping Definition & Meaning
Credential dumping is a type of cyber attack where a computer is breached and usernames and passwords are obtained by the attacker. This can be harmful if it happens to your personal computer, but it can be absolutely devastating if an attacker is able to perform credential dumping on a computer that is a part of a larger network.
This hacking technique is implemented after a computer has been breached by the attacker. Usernames and passwords are extremely valuable to cybercriminals and can be used to acquire sensitive information as well as to gain access to admin and other privileged account credentials and other computers on a network.
After gaining access to a computer, a hacker will perform credential dumping by gaining access to the cache of passwords that are stored in your computer’s memory. For user convenience, operating systems and browsers have the ability to save usernames and passwords and then automatically fill in your login information to sites and programs you frequent. Unfortunately, this convenience has come at a cost and can leave your information more vulnerable to credential theft and dumping.
One of the most common tools used to perform credit dumping is Mimikatz. This piece of code was created by Benjamin Delphy in 2007 in order to demonstrate a flaw in the security system of Windows. His code was successful and convinced Windows to eventually fix the flaw, and Mimikatz continued to be used for penetration and security testing. Sadly, the good intentions of the Mimikatz code have been taken advantage of, and it is now a popular tool for hackers.
How to avoid credential dumping
- Limit and monitor the use of admin passwords.
- Limit credential reuse.
- Implement multi-factor authentication.
- Use a password manager with a strong, unsaved password.
- Implement strong hashing and encryption.
- Monitor NTLM, access control lists, and lsass.exe.
Stay up to date on the latest developments in Internet terminology with a free newsletter from Webopedia. Join to subscribe now.
From A3 to ZZZ we list 1,559 text message and online chat abbreviations to help you translate and understand today's texting lingo. Includes Top... Read More »Huge List of Computer Certifications
Have you heard about a computer certification program but can't figure out if it's right for you? Use this handy list to help you decide. Read More »
Computer architecture provides an introduction to system design basics for most computer science students. Read More »Network Fundamentals Study Guide
Networking fundamentals teaches the building blocks of modern network design. Learn different types of networks, concepts, architecture and... Read More »The Five Generations of Computers
Learn about each of the five generations of computers and major technology developments that have led to the computing devices that we use... Read More »