Local Account Discovery, Creation, and Manipulation

Cybrary

Course

After gaining initial access on a system, adversaries may want to do some discovery work on local accounts and maintain persistence on a victim system as they create and manipulate accounts in order to maintain their access. Learn to detect such suspicious activity in this course!

Time

1 hour 38 minutes

Difficulty

Intermediate

CEU/CPE

NEED TO TRAIN YOUR TEAM? LEARN MORE

Join over 3 million cybersecurity professionals advancing their career

Required fields are marked with an *

View all SSO options

Already have an account? Sign In »

Course Content

Module 1: APT41 Introduction

Campaign Overview

10m

Module 2: Local Account Discovery, Creation, and Manipulation

2.1What is the “Create Account: Local Account” Technique?

10m

2.2What is the “Account Manipulation” Technique?

2.3What is the “Account Discovery: Local Account” Technique?

10m

2.4Detection, Validation, and Mitigation (Lab)

Course Description

Adversaries may conduct discovery work on local accounts in order to identify targets for credential theft and privilege escalation. Plus, threat actors can create new accounts to maintain persistence on a target--whether they deploy malware near this stage or not. Adversaries might also modify user accounts to maintain persistence--as part of an action chain that results in the creation of an unauthorized, administrative user account.

Apply what you learn and get the hands-on skills you need in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by the threat group APT41 (aka Double Dragon). Prevent adversaries from accomplishing the tactics of discovery and persistence.

Instructed By

Technical Manager, Red Team

Instructor

Provider

Certificate of Completion

Complete this entire course to earn a Local Account Discovery, Creation, and Manipulation Certificate of Completion

Domains

Defensive Security