jypi

Credential Harvesting and Reuse Risks — Learning Module

This module explains credential harvesting: how attackers collect and reuse credentials to escalate privileges, common vectors and attack patterns, CI/CD risks, detection methods, and practical hardening steps. It offers actionable controls (secret scanning, vaults, monitoring, honeytokens) plus a final sprint challenge to reduce takeover risk.

Content Overview

Overview: The Janitor's Keyring and Why This Matters

Credential Harvesting and Reuse Risks — The Chaotic Clinic for Stolen Keys

Imagine finding a janitor's keyring in the server room. Now imagine every key on it opens something important. We’ve already mapped the attack surface and practiced initial access in the last unit (you remember: recon...

What is Credential Harvesting and Common Vectors

What is Credential Harvesting? (And why it's like dumpster-diving)

Credential harvesting is the collection of authentication material (passwords, tokens, keys, certificates, session cookies) from systems, users, or code. Attackers harvest credentials to impersonate users, escalate privileges, ...

Attack Patterns — Memorable Analogies

Attack Patterns (Short, Memeworthy Analogies)

  • Phishing: "You just handed me the keys because my email looked like HR." — attacker = social locksmith.
  • Pass-the-Hash/Pass-the-Ticket: "I don't need the password if I can hand someone your ticket." — attacker uses authentication artifacts, not pl...

DevSecOps: CI/CD and Secret Management

Build on DevSecOps: Where CI/CD Meets Credential Risk

You learned to integrate vulnerability scanning into pipelines. Now extend that to secret and credential scanning and secrets management.

  • Add secret scanning to CI (detect credentials in commits and pull requests). Tools: detect-secrets (Yel...

Detection and Response: Spotting Credential Theft

Detection and Response: Spotting Credential Theft in the Wild

Good defenders combine telemetry and deception:

  • Log sources: AD logs (auth failures, ticket anomalies), cloud IAM logs, EDR alerts, suspicious process behavior, unusual token usage.
  • Anomaly detection: multiple failed logins followed...

Risk Table: Attack Types vs Mitigations

Attack Vector | Core Risk | Defensive Controls
Phishing / Social | User credentials stolen | MFA, phishing-resistant auth (FIDO2), user training, simulated phishing
Credential Reuse | Compromise across services | Password managers, unique passwords, br...

Practical Hardening Checklist

Practical Hardening Checklist (Prioritize these)

  • Enforce MFA or phishing-resistant MFA for all sensitive accounts.
  • Integrate secret scanning into CI/CD — block PRs with detected secrets and automate rotation.
  • Use a centralized secrets manager and short-lived ephemeral credentials for services ...

Closing: Treat Secrets Like Radioactive Material

Closing — The Takeaway You’ll Actually Remember

Credentials are the most abused resources in modern environments because they’re easy to harvest and extremely powerful when reused. Your pipeline scans and vulnerability remediation practices are great — now extend that discipline to secrets and cre...

Module contents: 8 Chapters, 18 Questions, 10 Flashcards, 5 Key Facts