Adversaries may search compromised systems to find and obtain insecurely stored credentials. These credentials can be stored and/or misplaced in many locations on a system, including plaintext files (e.g. Bash History), operating system or other specialized files/artifacts (e.g. Private Keys).
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.