Local Account Discovery, Creation, and Manipulation

After gaining initial access on a system, adversaries may want to do some discovery work on local accounts and maintain persistence on a victim system as they create and manipulate accounts in order to maintain their access. Learn to detect such suspicious activity in this course!

Time
1 hour 38 minutes
Difficulty
Intermediate
CEU/CPE
2
Share
NEED TO TRAIN YOUR TEAM? LEARN MORE
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Sign up with Google
Sign up with Apple
Sign up with Microsoft
View all SSO options

Already have an account? Sign In »

Course Content
Campaign Overview
10m

2.1What is the “Create Account: Local Account” Technique?

10m

2.2What is the “Account Manipulation” Technique?

8m

2.3What is the “Account Discovery: Local Account” Technique?

10m

2.4Detection, Validation, and Mitigation (Lab)

1h
Course Description

Adversaries may conduct discovery work on local accounts in order to identify targets for credential theft and privilege escalation. Plus, threat actors can create new accounts to maintain persistence on a target--whether they deploy malware near this stage or not. Adversaries might also modify user accounts to maintain persistence--as part of an action chain that results in the creation of an unauthorized, administrative user account.

Apply what you learn and get the hands-on skills you need in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by the threat group APT41 (aka Double Dragon). Prevent adversaries from accomplishing the tactics of discovery and persistence.

Instructed By
Chris Daywalt

Chris Daywalt

Security Freelancer

Instructor
Matthew Mullins

Matthew Mullins

Technical Manager, Red Team

Instructor
Provider
Cybrary
Certificate of Completion
Certificate Of Completion

Complete this entire course to earn a Local Account Discovery, Creation, and Manipulation Certificate of Completion