Common Information
Type | Value |
---|---|
Value | Private Keys - T1552.004 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may search for private key certificate files on compromised systems for insecurely stored credentials. Private cryptographic keys and certificates are used for authentication, encryption/decryption, and digital signatures.(Citation: Wikipedia Public Key Crypto) Common key and certificate file extensions include: .key, .pgp, .gpg, .ppk, .p12, .pem, .pfx, .cer, .p7b, .asc. Adversaries may also look in common key directories, such as `~/.ssh` for SSH keys on *nix-based systems or `C:\Users\(username)\.ssh\` on Windows. Adversary tools may also search compromised systems for file extensions relating to cryptographic keys and certificates.(Citation: Kaspersky Careto)(Citation: Palo Alto Prince of Persia) When a device is registered to Azure AD, a device key and a transport key are generated and used to verify the device’s identity.(Citation: Microsoft Primary Refresh Token) An adversary with access to the device may be able to export the keys in order to impersonate the device.(Citation: AADInternals Azure AD Device Identities) On network devices, private keys may be exported via [Network Device CLI](https://attack.mitre.org/techniques/T1059/008) commands such as `crypto pki export`.(Citation: cisco_deploy_rsa_keys) Some private keys require a password or passphrase for operation, so an adversary may also use [Input Capture](https://attack.mitre.org/techniques/T1056) for keylogging or attempt to [Brute Force](https://attack.mitre.org/techniques/T1110) the passphrase off-line. These private keys can be used to authenticate to [Remote Services](https://attack.mitre.org/techniques/T1021) like SSH or for use in decrypting other collected files such as email. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-11-17 | 1 | Digital certificates | ||
Details | Website | 2024-11-17 | 0 | Buffer Overflow Attacks: Best Practices Against it in Cybersecurity. | ||
Details | Website | 2024-11-16 | 1 | The Authorities Of The Internet: Understanding Certificate Authorities | ||
Details | Website | 2024-11-15 | 0 | Active Directory Certificate Services— Part 1 | ||
Details | Website | 2024-11-15 | 2 | ViperSoftX: Tracking And Countering a Persistent Threat - CUJO AI | ||
Details | Website | 2024-11-13 | 0 | Day 4: Introduction to OS Security — Offensive Security Basics | ||
Details | Website | 2024-11-13 | 2 | PKI and CLM Insights from 2024: Preparing for a Cyber Resilient 2025 | ||
Details | Website | 2024-11-13 | 2 | Black Alps 2024: Highlights from Switzerland Cybersecurity Ecosystem | ||
Details | Website | 2024-11-13 | 0 | Crypto Network Security: Essential Tips To Protect Your Digital Assets In 2023 | ||
Details | Website | 2024-11-13 | 0 | Mastering Crypto Wallet Management: Secure Your Digital Assets With Confidence | ||
Details | Website | 2024-11-12 | 2 | "How XBANKING’s Non-Custodial Model Enhances Security and Control for DeFi Investors" | ||
Details | Website | 2024-11-12 | 0 | S/MIME vs PGP — A Comprehensive Comparison of Email Security Protocols | ||
Details | Website | 2024-11-12 | 3 | How to connect to an Amazon EC2 Instance | ||
Details | Website | 2024-11-11 | 2 | computer & mobile forensics VS cybercrime | #cybercrime | #infosec | National Cyber Security Consulting | ||
Details | Website | 2024-11-11 | 7 | Don’t Fall for these Scams, Top Tips, Tricks & Insights to Keep You Safe & Secure in Web3 — Crypto… | ||
Details | Website | 2024-11-11 | 0 | Secret Key Exchange: Diffie-Hellman Algorithm | ||
Details | Website | 2024-11-09 | 18 | BugBounty — Mastering the Basics (along with Resources)[Part-3] | ||
Details | Website | 2024-11-08 | 0 | The Security Risks of Blockchain Technology | ||
Details | Website | 2024-11-08 | 35 | Life on a crooked RedLine: Analyzing the infamous infostealer’s backend | ||
Details | Website | 2024-11-07 | 2 | From Secure to Vulnerable: The Impact of Quantum Computing on RSA Encryption and Other Digital… | ||
Details | Website | 2024-11-07 | 28 | What is Ryuk Ransomware? The Complete Breakdown | ||
Details | Website | 2024-11-06 | 0 | What is a Man-in-the-Middle (MITM) Attack? : A Layman’s Guide | ||
Details | Website | 2024-11-06 | 162 | Certik Skynet Quiz Answer | ||
Details | Website | 2024-11-06 | 0 | Navigating DORA: Essential IT Security and Compliance Practices for Financial Institutions |