Valid Accounts: Local Accounts (T1078.003)

Tactics: Stealth, Persistence, Privilege Escalation, Initial Access · Platforms: Containers, ESXi, Linux, macOS, Network Devices, Windows

The interactive view maps 1 detection strategy, 4 mitigations, 12 threat groups, 5 software entries, 4 campaigns to this technique, alongside D3FEND countermeasures and data-component coverage.

Sub-technique of Valid Accounts (T1078).

Overview

Adversaries may obtain and abuse credentials of a local account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Local accounts are those configured by an organization for use by users, remote support, services, or for administration on a single system or service.

Local Accounts may also be abused to elevate privileges and harvest credentials through OS Credential Dumping. Password reuse may allow the abuse of local accounts across a set of machines on a network for the purposes of Privilege Escalation and Lateral Movement.

Explore