# Palo Alto Networks

## credential theft

## [Detecting Credential Stealing with Cortex XDR](https://www.paloaltonetworks.com.au/blog/security-operations/detecting-credential-stealing-with-cortex-xdr/)

In this blog post, we review some common credential stealing techniques, mainly focusing on Mimikatz implementation, demonstrate attack scenarios using Mimikatz and explain how Cortex XDR protects our customers against these kinds of attacks.

[Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

Apr 04, 2022 By [Hila Cohen](https://www.paloaltonetworks.com/blog/author/hila-cohen/?ts=markdown)

## [Palo Alto Networks News of the Week: December 2, 2017](https://www.paloaltonetworks.com.au/blog/2017/12/palo-alto-networks-news-week-december-2-2017/)

Sit back, relax and enjoy the top Palo Alto Networks news of the week.

[News of the Week](https://www.paloaltonetworks.com/blog/category/news-of-the-week/?ts=markdown)

Dec 02, 2017 By [Justin Hall](https://www.paloaltonetworks.com/blog/author/justin-hall/?ts=markdown)

## [Protect Legacy Apps and IoT From Credential Abuse With RSA and Palo Alto Ne...](https://www.paloaltonetworks.com.au/blog/2017/11/protect-legacy-apps-iot-credential-abuse-rsa-palo-alto-networks/)

Protect legacy applications and IoT from credential abuse with RSA and Palo Alto Networks.

[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [IoT](https://www.paloaltonetworks.com/blog/category/iot/?ts=markdown)

Nov 29, 2017 By [Kasey Cross](https://www.paloaltonetworks.com/blog/author/kasey-cross/?ts=markdown)

## [Threat Brief: Conversation Hijacking Spear Phishing](https://www.paloaltonetworks.com.au/blog/2017/10/threat-brief-conversation-hijacking-spear-phishing/)

New Unit 42 Threat Brief: FreeMilk and using hijacked conversations as a vehicle for Spear Phishing.

[Threat Brief](https://www.paloaltonetworks.com/blog/category/threat-brief/?ts=markdown)

Oct 05, 2017 By [Christopher Budd](https://www.paloaltonetworks.com/blog/author/christopher-budd/?ts=markdown)

## [Palo Alto Networks News of the Week -- June 24, 2017](https://www.paloaltonetworks.com.au/blog/2017/06/palo-alto-networks-news-week-june-17-2017-2/)

Did you miss any of this week's Palo Alto Networks action? Don't worry -- we've rounded up our top news and views right here:

[News of the Week](https://www.paloaltonetworks.com/blog/category/news-of-the-week/?ts=markdown)

Jun 24, 2017 By [Justin Hall](https://www.paloaltonetworks.com/blog/author/justin-hall/?ts=markdown)

## [Practice Makes Perfect: Nemucod Evolves Delivery and Obfuscation Techniques...](https://www.paloaltonetworks.com.au/blog/2017/05/unit42-practice-makes-perfect-nemucod-evolves-delivery-obfuscation-techniques-harvest-credentials/)

Unit 42 research team have been investigating a wave of Nemucod downloader malware that uses weaponized documents to deploy encoded, and heavily obfuscated JavaScript, ultimately l...

[Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

May 11, 2017 By [Alex Hinchliffe](https://www.paloaltonetworks.com/blog/author/alex-hinchliffe/?ts=markdown)

## [Threat Brief: Credential Theft - The Keystone of the Shamoon 2 Attacks](https://www.paloaltonetworks.com.au/blog/2017/03/unit42-threat-brief-credential-theft-keystone-shamoon-2-attacks/)

New Unit 42 Threat Brief: Credential Theft - The Keystone of the Shamoon 2 Attacks.

[Threat Brief](https://www.paloaltonetworks.com/blog/category/threat-brief/?ts=markdown)

Mar 27, 2017 By [Christopher Budd](https://www.paloaltonetworks.com/blog/author/christopher-budd/?ts=markdown)

## [Shamoon 2: Delivering Disttrack](https://www.paloaltonetworks.com.au/blog/2017/03/unit42-shamoon-2-delivering-disttrack/)

Unit 42's continued investigation into Shamoon 2 has unearthed more details into the method by which the threat actors delivered the Disttrack payload.

[Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

Mar 27, 2017 By [Robert Falcone](https://www.paloaltonetworks.com/blog/author/robert-falcone/?ts=markdown) and [Bryan Lee](https://www.paloaltonetworks.com/blog/author/bryan-lee/?ts=markdown)

## [Palo Alto Networks News of the Week -- March 25, 2017](https://www.paloaltonetworks.com.au/blog/2017/03/palo-alto-networks-news-week-march-25-2017/)

Sit back, relax and enjoy the top Palo Alto Networks news of the week.

[News of the Week](https://www.paloaltonetworks.com/blog/category/news-of-the-week/?ts=markdown)

Mar 25, 2017 By [Justin Hall](https://www.paloaltonetworks.com/blog/author/justin-hall/?ts=markdown)

## [New White Paper on Preventing Credential Phishing, Theft and Abuse](https://www.paloaltonetworks.com.au/blog/2017/03/unit42-new-white-paper-preventing-credential-phishing-theft-abuse/)

Get Unit 42's latest white paper: "Credential-Based Attacks: Exposing the Ecosystem and Motives Behind Credential Phishing, Theft and Abuse"

[Threat Brief](https://www.paloaltonetworks.com/blog/category/threat-brief/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

Mar 21, 2017 By [Christopher Budd](https://www.paloaltonetworks.com/blog/author/christopher-budd/?ts=markdown)

## [PAN-OS 8.0: Announcing New and Expanded Partner Integrations](https://www.paloaltonetworks.com.au/blog/2017/03/pan-os-8-0-announcing-new-expanded-partner-integrations/)

PAN-OS 8.0: Announcing New and expanded partner integrations.

[Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown)

Mar 13, 2017 By [Eila Shargh](https://www.paloaltonetworks.com/blog/author/eila-shargh/?ts=markdown)

## [Palo Alto Networks News of the Week -- February 18, 2017](https://www.paloaltonetworks.com.au/blog/2017/02/palo-alto-networks-news-week-february-18-2017/)

Sit back, relax and enjoy the top Palo Alto Networks news of the week!

[News of the Week](https://www.paloaltonetworks.com/blog/category/news-of-the-week/?ts=markdown)

Feb 18, 2017 By [Justin Hall](https://www.paloaltonetworks.com/blog/author/justin-hall/?ts=markdown)

## [What Is a Credential-Based Attack?](https://www.paloaltonetworks.com.au/blog/2017/02/credential-based-attack/)

Phishing and credential-based attacks have proven to be one of the most effective means of penetrating an organization. Attackers utilize various password-theft techniques to breach organizations, compromise their networks and steal critical data. There are two elements...

[Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown)

Feb 16, 2017 By [Karin Shopen](https://www.paloaltonetworks.com/blog/author/karin-shopen/?ts=markdown)

## [PAN-OS 8.0: Preventing Credential-Based Attacks](https://www.paloaltonetworks.com.au/blog/2017/02/pan-os-8-0-preventing-credential-based-attacks/)

Learn how to prevent credential-based attacks with PAN-OS 8.0

[Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown)

Feb 07, 2017 By [Brian Tokuyoshi](https://www.paloaltonetworks.com/blog/author/brian/?ts=markdown)

## [Announcing PAN-OS 8.0 -- Our Biggest Launch Yet!](https://www.paloaltonetworks.com.au/blog/2017/02/announcing-pan-os-8-0-biggest-launch-yet/)

Learn about PAN-OS 8.0, the largest product and feature release in the history of Palo Alto Networks.

[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown)

Feb 07, 2017 By [Frank Mong](https://www.paloaltonetworks.com/blog/author/frank-mong/?ts=markdown)