Type
Active Scanning
D3FEND Tactic
File Analysis (D3-FA)
TL;DR
Detects at-risk secrets across an organization's systems.
Description
The process of automatically detecting exposed or cleartext secrets like API keys, passwords, and certificates, within an organization's systems.
Techniques
Abuse access to existing KMS keyCredential harvesting from code repositoryRegistry secret scanning