Local Accounts - T1078.003
(ATT&CK® Technique)
Definition
Adversaries may obtain and abuse credentials of a local account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Local accounts are those configured by an organization for use by users, remote support, services, or for administration on a single system or service.
D3FEND Inferred Relationships
Browse the D3FEND knowledge graph by clicking on the nodes below.
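graph LR;
    %% D3FEND inferred relationships for ATT&CK T1078.003 (Local Accounts).
    %% Solid edges are the direct relations between a technique and a digital artifact.
    %% Dotted "May ..." edges are the inferred relationships: each countermeasure below is
    %% linked to T1078.003 only because it acts on an artifact the technique uses or produces,
    %% so read them as candidate coverage to confirm, not as validated coverage.
    %% Repeated class/click statements and a node label split by a stray line break
    %% ("Account Locking") from the generated source are normalised here.

    %% --- Offensive technique and the artifacts it touches ---
    T1078003["Local Accounts"] --> |uses| UserAccount["User Account"];
    T1078003 --> |uses| LocalUserAccount["Local User Account"];
    T1078003 --> |produces| Authentication["Authentication"];
    T1078003 --> |produces| Authorization["Authorization"];
    class T1078003 OffensiveTechniqueNode;
    class UserAccount ArtifactNode;
    class LocalUserAccount ArtifactNode;
    class Authentication ArtifactNode;
    class Authorization ArtifactNode;
    click T1078003 href "/offensive-technique/attack/T1078.003/";
    click UserAccount href "/dao/artifact/d3f:UserAccount";
    click LocalUserAccount href "/dao/artifact/d3f:LocalUserAccount";
    click Authentication href "/dao/artifact/d3f:Authentication";
    click Authorization href "/dao/artifact/d3f:Authorization";

    %% --- May Harden: countermeasures acting on the account artifacts ---
    One-timePassword["One-time Password"] --> | authenticates | UserAccount;
    One-timePassword --> | authenticates | LocalUserAccount;
    One-timePassword -.-> | May Harden | T1078003;
    class One-timePassword DefensiveTechniqueNode;
    click One-timePassword href "/technique/d3f:One-timePassword";

    StrongPasswordPolicy["Strong Password Policy"] --> | strengthens | UserAccount;
    StrongPasswordPolicy --> | strengthens | LocalUserAccount;
    StrongPasswordPolicy -.-> | May Harden | T1078003;
    class StrongPasswordPolicy DefensiveTechniqueNode;
    click StrongPasswordPolicy href "/technique/d3f:StrongPasswordPolicy";

    UserAccountPermissions["User Account Permissions"] --> | restricts | UserAccount;
    UserAccountPermissions --> | restricts | LocalUserAccount;
    UserAccountPermissions -.-> | May Harden | T1078003;
    class UserAccountPermissions DefensiveTechniqueNode;
    click UserAccountPermissions href "/technique/d3f:UserAccountPermissions";

    BiometricAuthentication["Biometric Authentication"] --> | authenticates | UserAccount;
    BiometricAuthentication --> | authenticates | LocalUserAccount;
    BiometricAuthentication -.-> | May Harden | T1078003;
    class BiometricAuthentication DefensiveTechniqueNode;
    click BiometricAuthentication href "/technique/d3f:BiometricAuthentication";

    Multi-factorAuthentication["Multi-factor Authentication"] --> | authenticates | UserAccount;
    Multi-factorAuthentication --> | authenticates | LocalUserAccount;
    Multi-factorAuthentication -.-> | May Harden | T1078003;
    class Multi-factorAuthentication DefensiveTechniqueNode;
    click Multi-factorAuthentication href "/technique/d3f:Multi-factorAuthentication";

    %% --- May Detect: analytics over the Authentication / Authorization events
    %% --- the technique produces, and over the local account itself ---
    AuthenticationEventThresholding["Authentication Event Thresholding"] --> | analyzes | Authentication;
    AuthenticationEventThresholding -.-> | May Detect | T1078003;
    class AuthenticationEventThresholding DefensiveTechniqueNode;
    click AuthenticationEventThresholding href "/technique/d3f:AuthenticationEventThresholding";

    AuthorizationEventThresholding["Authorization Event Thresholding"] --> | analyzes | Authorization;
    AuthorizationEventThresholding -.-> | May Detect | T1078003;
    class AuthorizationEventThresholding DefensiveTechniqueNode;
    click AuthorizationEventThresholding href "/technique/d3f:AuthorizationEventThresholding";

    JobFunctionAccessPatternAnalysis["Job Function Access Pattern Analysis"] --> | analyzes | Authorization;
    JobFunctionAccessPatternAnalysis -.-> | May Detect | T1078003;
    class JobFunctionAccessPatternAnalysis DefensiveTechniqueNode;
    click JobFunctionAccessPatternAnalysis href "/technique/d3f:JobFunctionAccessPatternAnalysis";

    LocalAccountMonitoring["Local Account Monitoring"] --> | analyzes | LocalUserAccount;
    LocalAccountMonitoring -.-> | May Detect | T1078003;
    class LocalAccountMonitoring DefensiveTechniqueNode;
    click LocalAccountMonitoring href "/technique/d3f:LocalAccountMonitoring";

    ResourceAccessPatternAnalysis["Resource Access Pattern Analysis"] --> | analyzes | Authentication;
    ResourceAccessPatternAnalysis --> | analyzes | Authorization;
    ResourceAccessPatternAnalysis -.-> | May Detect | T1078003;
    class ResourceAccessPatternAnalysis DefensiveTechniqueNode;
    click ResourceAccessPatternAnalysis href "/technique/d3f:ResourceAccessPatternAnalysis";

    SessionDurationAnalysis["Session Duration Analysis"] --> | analyzes | Authentication;
    SessionDurationAnalysis --> | analyzes | Authorization;
    SessionDurationAnalysis -.-> | May Detect | T1078003;
    class SessionDurationAnalysis DefensiveTechniqueNode;
    click SessionDurationAnalysis href "/technique/d3f:SessionDurationAnalysis";

    %% --- May Evict: disabling the abused account ---
    AccountLocking["Account Locking"] --> | disables | UserAccount;
    AccountLocking --> | disables | LocalUserAccount;
    AccountLocking -.-> | May Evict | T1078003;
    class AccountLocking DefensiveTechniqueNode;
    click AccountLocking href "/technique/d3f:AccountLocking";

    %% --- May Restore: returning account access after eviction ---
    RestoreUserAccountAccess["Restore User Account Access"] --> | restores | UserAccount;
    RestoreUserAccountAccess --> | restores | LocalUserAccount;
    RestoreUserAccountAccess -.-> | May Restore | T1078003;
    class RestoreUserAccountAccess DefensiveTechniqueNode;
    click RestoreUserAccountAccess href "/technique/d3f:RestoreUserAccountAccess";

    UnlockAccount["Unlock Account"] --> | restores | UserAccount;
    UnlockAccount --> | restores | LocalUserAccount;
    UnlockAccount -.-> | May Restore | T1078003;
    class UnlockAccount DefensiveTechniqueNode;
    click UnlockAccount href "/technique/d3f:UnlockAccount";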