Valid Accounts: Local Accounts


Adversaries may obtain and abuse credentials of a local account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Local accounts are those configured by an organization for use by users, remote support, services, or for administration on a single system or service.

Products, Sensors, and Dependencies

ProductDependenciesData sourceAccess requiredProtocolData CollectedNotes
Tenable.ioAdvanced Network ScanWindows machinesAuthenticated ScanWMIList of Local UsersPlugin ID: 72684


Enumerate Users via WMI

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Defense Evasion, Persistence, Privilege Escalation, Initial Access

Technique: Valid Accounts

Sub-Technique: Local Accounts

Platform: Windows

Products Required:

Tenable Release Date: 2022 Q2