Detections
Analytics
Valid Accounts: Local Accounts
Description
Adversaries may obtain and abuse credentials of a local account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Local accounts are those configured by an organization for use by users, remote support, services, or for administration on a single system or service.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Vulnerability Management | Advanced Network Scan | Windows machines | Authenticated Scan | WMI | List of Local Users | Plugin ID: 72684 |
References
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Defense Evasion, Persistence, Privilege Escalation, Initial Access
Technique: Valid Accounts
Sub-Technique: Local Accounts
Platform: Windows
Products Required: Tenable Vulnerability Management
Tenable Release Date: 2022 Q2