Valid Accounts: Local Accounts (T1078.003)
Tactics: Stealth, Persistence, Privilege Escalation, Initial Access · Platforms: Containers, ESXi, Linux, macOS, Network Devices, Windows
The interactive view maps 1 detection strategy, 4 mitigations, 12 threat groups, 5 software entries, 4 campaigns to this technique, alongside D3FEND countermeasures and data-component coverage.
Sub-technique of Valid Accounts (T1078).
Overview
Adversaries may obtain and abuse credentials of a local account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Local accounts are those configured by an organization for use by users, remote support, services, or for administration on a single system or service.
Local Accounts may also be abused to elevate privileges and harvest credentials through OS Credential Dumping. Password reuse may allow the abuse of local accounts across a set of machines on a network for the purposes of Privilege Escalation and Lateral Movement.