Esc
Local Accounts - T1078.003
(ATT&CK® Technique)
Definition
Adversaries may obtain and abuse credentials of a local account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Local accounts are those configured by an organization for use by users, remote support, services, or for administration on a single system or service.
D3FEND Inferred Relationships
Browse the D3FEND knowledge graph by clicking on the nodes below.
graph LR;
T1078003["Local Accounts"] --> |uses| UserAccount["User Account"]; class T1078003 OffensiveTechniqueNode;
class UserAccount ArtifactNode; click UserAccount href "../../../dao/artifact/d3f:UserAccount";
click T1078003 href "../../../offensive-technique/attack/T1078.003/"; click UserAccount href "../../../dao/artifact/d3f:UserAccount"; T1078003["Local Accounts"] --> |uses| LocalUserAccount["Local User Account"]; class T1078003 OffensiveTechniqueNode;
class LocalUserAccount ArtifactNode; click LocalUserAccount href "../../../dao/artifact/d3f:LocalUserAccount";
click T1078003 href "../../../offensive-technique/attack/T1078.003/"; click LocalUserAccount href "../../../dao/artifact/d3f:LocalUserAccount"; LocalAccountMonitoring["Local Account Monitoring"] -->
| analyzes | LocalUserAccount["Local User Account"];
LocalAccountMonitoring["Local Account Monitoring"] -.->
| may-detect | T1078003["Local Accounts"] ;
class LocalAccountMonitoring DefensiveTechniqueNode;
class LocalUserAccount ArtifactNode;
click LocalAccountMonitoring href "../../../technique/d3f:LocalAccountMonitoring"; AccountLocking["Account Locking"] -->
| disables | UserAccount["User Account"];
AccountLocking["Account Locking"] -.->
| may-evict | T1078003["Local Accounts"] ;
class AccountLocking DefensiveTechniqueNode;
class UserAccount ArtifactNode;
click AccountLocking href "../../../technique/d3f:AccountLocking"; AccountLocking["Account Locking"] -->
| disables | LocalUserAccount["Local User Account"];
class AccountLocking DefensiveTechniqueNode;
class LocalUserAccount ArtifactNode;
click AccountLocking href "../../../technique/d3f:AccountLocking"; RestoreUserAccountAccess["Restore User Account Access"] -->
| restores | UserAccount["User Account"];
RestoreUserAccountAccess["Restore User Account Access"] -.->
| may-restore | T1078003["Local Accounts"] ;
class RestoreUserAccountAccess DefensiveTechniqueNode;
class UserAccount ArtifactNode;
click RestoreUserAccountAccess href "../../../technique/d3f:RestoreUserAccountAccess"; RestoreUserAccountAccess["Restore User Account Access"] -->
| restores | LocalUserAccount["Local User Account"];
class RestoreUserAccountAccess DefensiveTechniqueNode;
class LocalUserAccount ArtifactNode;
click RestoreUserAccountAccess href "../../../technique/d3f:RestoreUserAccountAccess"; UserAccountPermissions["User Account Permissions"] -->
| restricts | UserAccount["User Account"];
UserAccountPermissions["User Account Permissions"] -.->
| may-isolate | T1078003["Local Accounts"] ;
class UserAccountPermissions DefensiveTechniqueNode;
class UserAccount ArtifactNode;
click UserAccountPermissions href "../../../technique/d3f:UserAccountPermissions"; UserAccountPermissions["User Account Permissions"] -->
| restricts | LocalUserAccount["Local User Account"];
class UserAccountPermissions DefensiveTechniqueNode;
class LocalUserAccount ArtifactNode;
click UserAccountPermissions href "../../../technique/d3f:UserAccountPermissions"; AgentAuthentication["Agent Authentication"] -->
| strengthens | UserAccount["User Account"];
AgentAuthentication["Agent Authentication"] -.->
| may-harden | T1078003["Local Accounts"] ;
class AgentAuthentication DefensiveTechniqueNode;
class UserAccount ArtifactNode;
click AgentAuthentication href "../../../technique/d3f:AgentAuthentication"; AgentAuthentication["Agent Authentication"] -->
| strengthens | LocalUserAccount["Local User Account"];
class AgentAuthentication DefensiveTechniqueNode;
class LocalUserAccount ArtifactNode;
click AgentAuthentication href "../../../technique/d3f:AgentAuthentication"; UnlockAccount["Unlock Account"] -->
| restores | UserAccount["User Account"];
UnlockAccount["Unlock Account"] -.->
| may-restore | T1078003["Local Accounts"] ;
class UnlockAccount DefensiveTechniqueNode;
class UserAccount ArtifactNode;
click UnlockAccount href "../../../technique/d3f:UnlockAccount"; UnlockAccount["Unlock Account"] -->
| restores | LocalUserAccount["Local User Account"];
class UnlockAccount DefensiveTechniqueNode;
class LocalUserAccount ArtifactNode;
click UnlockAccount href "../../../technique/d3f:UnlockAccount"; ChangeDefaultPassword["Change Default Password"] -->
| strengthens | UserAccount["User Account"];
ChangeDefaultPassword["Change Default Password"] -.->
| may-harden | T1078003["Local Accounts"] ;
class ChangeDefaultPassword DefensiveTechniqueNode;
class UserAccount ArtifactNode;
click ChangeDefaultPassword href "../../../technique/d3f:ChangeDefaultPassword"; ChangeDefaultPassword["Change Default Password"] -->
| strengthens | LocalUserAccount["Local User Account"];
class ChangeDefaultPassword DefensiveTechniqueNode;
class LocalUserAccount ArtifactNode;
click ChangeDefaultPassword href "../../../technique/d3f:ChangeDefaultPassword";