本地系统数据

可以从本地系统源（例如文件系统或系统上驻留的信息数据库）收集敏感数据。

本地系统数据包括操作系统存储的信息。访问本地系统数据通常需要提升权限（例如，root用户访问权限）。本地系统数据的示例包括身份验证令牌，设备键盘缓存，Wi-Fi密码和照片。

Data from Local System

Sensitive data can be collected from local system sources, such as the file system or databases of information residing on the system.

Local system data includes information stored by the operating system. Access to local system data often requires escalated privileges (e.g. root access). Examples of local system data include authentication tokens, the device keyboard cache, Wi-Fi passwords, and photos.

标签

ID编号： T1533

战术类型： 事后访问设备

策略： 收集

平台： Android，iOS

缓解措施

这种攻击技术无法通过预防性控制轻松缓解，因为它基于滥用系统功能。

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.

检测

从本地系统访问数据可能很难检测到，因此，在对抗行为的其他阶段集中于检测可能会更好地为企业提供服务。

Accessing data from the local system can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.