| ID | Name |
|---|---|
| T2039.001 | Bash History |
| T2039.002 | Credentials In Files |
| T2039.003 | Private Keys |
| T2039.004 | VPN Credential |
Adversaries may search for private key certificate files on compromised systems for insecurely stored credentials. Private cryptographic keys and certificates are used for authentication, encryption/decryption, and digital signatures. Common key and certificate file extensions include: .key, .pgp, .gpg, .ppk., .p12, .pem, .pfx, .cer, .p7b, .asc.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.