Monday, June 20, 2016

Credential Theft

  • Credential Theft and How to Secure Credentials
    Prevent network logon for local accounts
    Prevent access to in-memory credentials
    Prevent credentials from remaining in-memory when connecting remotely
    Leverage protected users and control privileged users
https://technet.microsoft.com/en-us/security/dn920237.aspx

  • Unofficial Guide to Mimikatz & Command Reference
Mimikatz is one of the best tools to gather credential data from Windows systems.
https://adsecurity.org/?page_id=1821

  • Credential stuffing
Credential stuffing is the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts. This is a subset of the brute force attack category: large numbers of spilled credentials are automatically entered into websites until they are potentially matched to an existing account, which the attacker can then hijack for their own purposes.

Anatomy of Attack

    1. The attacker acquires spilled usernames and passwords from a website breach or password dump site.
    2. The attacker uses an account checker to test the stolen credentials against many websites (for instance, social media sites or online marketplaces).
    3. Successful logins (usually 0.1-0.2% of the total login attempts) allow the attacker to take over the account matching the stolen credentials.
    4. The attacker drains stolen accounts of stored value, credit card numbers, and other personally identifiable information.
    5. The attacker may also use account information going forward for other nefarious purposes (for example, to send spam or create further transactions).

https://www.owasp.org/index.php/Credential_stuffing
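
An added example (not from the OWASP page or this post): a log check for the pattern described above, where one source tries many distinct usernames a few times each and almost all attempts fail. The log format, addresses, and thresholds are constructed assumptions.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed sample lines: 'timestamp src_ip username result' (assumed format)."""
    lines = []
    # One source tries 200 different accounts once each; a single pair is valid.
    for i in range(200):
        result = "OK" if i == 57 else "FAIL"
        lines.append(f"2016-06-20T10:00:00Z 203.0.113.7 user{i}@example.com {result}")
    # A legitimate user mistypes a password twice, then logs in.
    for result in ("FAIL", "FAIL", "OK"):
        lines.append(f"2016-06-20T10:05:00Z 198.51.100.4 alice@example.com {result}")
    # Classic brute force: many guesses against one account (not stuffing).
    for _ in range(150):
        lines.append("2016-06-20T10:10:00Z 192.0.2.9 admin@example.com FAIL")
    return lines

def find_stuffing_sources(lines, min_users=50, max_success_rate=0.05,
                          max_tries_per_user=3):
    """Flag sources that try many distinct accounts a few times each and
    almost always fail. Thresholds are illustrative assumptions."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "hits": set()})
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # ignore malformed lines
        _, ip, user, result = parts
        s = stats[ip]
        s["attempts"] += 1
        s["users"].add(user.lower())
        if result == "OK":
            s["hits"].add(user.lower())
    flagged = {}
    for ip, s in stats.items():
        n_users = len(s["users"])
        success_rate = len(s["hits"]) / s["attempts"]
        tries_per_user = s["attempts"] / n_users
        if (n_users >= min_users and success_rate <= max_success_rate
                and tries_per_user <= max_tries_per_user):
            flagged[ip] = {"distinct_users": n_users,
                           "success_rate": success_rate,
                           "accounts_to_reset": sorted(s["hits"])}
    return flagged

if __name__ == "__main__":
    for ip, info in find_stuffing_sources(build_sample_log()).items():
        print(ip, info)
```

Grouping by source address alone misses attempts spread across many addresses, so the same counting can be keyed on other request attributes as well.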
