Local Account Discovery, Creation, and Manipulation
After gaining initial access on a system, adversaries may want to do some discovery work on local accounts and maintain persistence on a victim system as they create and manipulate accounts in order to maintain their access. Learn to detect such suspicious activity in this course!
Already have an account? Sign In »

Module 1: APT41 Introduction
Module 2: Local Account Discovery, Creation, and Manipulation
2.1What is the “Create Account: Local Account” Technique?
2.2What is the “Account Manipulation” Technique?
2.3What is the “Account Discovery: Local Account” Technique?
2.4Detection, Validation, and Mitigation (Lab)
Adversaries may conduct discovery work on local accounts in order to identify targets for credential theft and privilege escalation. Plus, threat actors can create new accounts to maintain persistence on a target--whether they deploy malware near this stage or not. Adversaries might also modify user accounts to maintain persistence--as part of an action chain that results in the creation of an unauthorized, administrative user account.
Apply what you learn and get the hands-on skills you need in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by the threat group APT41 (aka Double Dragon). Prevent adversaries from accomplishing the tactics of discovery and persistence.

Chris Daywalt
Security Freelancer

Matthew Mullins
Technical Manager, Red Team


Complete this entire course to earn a Local Account Discovery, Creation, and Manipulation Certificate of Completion