T1078.003SubTechniquedefense-evasionpersistenceprivilege-escalationinitial-accessagent-callable

T1078.003Local Accounts

Sub-technique of T1078

Platforms: Linux · macOS · Windows · Containers · Network

ATT&CK version: 14.1

What it is

Adversaries may obtain and abuse credentials of a local account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Local accounts are those configured by an organization for use by users, remote support, services, or for administration on a single system or service. Local Accounts may also be abused to elevate privileges and harvest credentials through [OS Credential Dumping](https://attack.mitre.org/techniques/T1003). Password reuse may allow the abuse of local accounts across a set of machines on a network for the purposes of Privilege Escalation and Lateral Movement.

ATT&CK tactics· 4

Defense EvasionPersistencePrivilege EscalationInitial Access

References

  1. https://attack.mitre.org/techniques/T1078/003
Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.
T1078.003: Local Accounts | SQUR Knowledge Base