Valid Accounts: Default Accounts

Description

Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Default accounts are those that are built-into an OS, such as the Guest or Administrator accounts on Windows systems. Default accounts also include default factory/provider set accounts on other types of systems, software, or devices, including the root user account in AWS and the default service account in Kubernetes.

Products, Sensors, and Dependencies

Product	Dependencies	Data source	Access required	Protocol	Data Collected	Notes
Tenable Vulnerability Management		Computer			Active vulnerabilities detected by Tenable Vulnerability Management plugins

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Defense Evasion, Persistence, Privilege Escalation, Initial Access

Technique: Valid Accounts

Sub-Technique: Default Accounts

Platform: Azure AD, Containers, Google Workspace, IaaS, Linux, Office 365, SaaS, Windows, macOS

Products Required: Tenable Vulnerability Management

Tenable Release Date: 2024 Q2

Detections

Analytics

Valid Accounts: Default Accounts

Description

Products, Sensors, and Dependencies

Attack Path Technique Details