Home/ MITRE Matrix/ Credential Access/ T1187

T1187Forced Authentication

T1187 — Forced Authentication is a MITRE ATT&CK technique in the Credential Access tactic. Clankerusecase tracks 7 detection use cases covering it and 1 threat-intel article citing it.

Credential Access

View on the matrix → Filter Detection Library MITRE official spec ↗

7Use cases

1Articles

0Sub-techniques

1Tactic

Use cases covering this technique (7)

PetitPotam Network Share Access Request ESCU actions · alerting P Windows Credential Target Information Structure in Commandline ESCU actions · alerting P Windows Kerberos Coercion via DNS ESCU actions · alerting P Windows Short Lived DNS Record ESCU actions · alerting P Windows Theme File Creation in Unusual Location ESCU actions · hunting P DNS Kerberos Coercion ESCU actions · alerting P [LLM] Outbound SMB 445 from PeopleSoft host — NetNTLM hash capture Bespoke actions · alerting DSΣPDDCS

Articles citing this technique (1)

crit ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities art-37