exfiltrating a credential provides persistent access (until detected and rotated) tho! probably one of the more leveraged things to prevent