Free

Local Accounts

Organizations that do not enforce strong password policies and audit privileged account management can fall victim to attackers who leverage access to local accounts. With it, they can gain initial access, persistence, privilege escalation, or defense evasion. Learn how to detect and prevent this type of activity in this dynamic lab-based course.

Start Course Subscribe for Updates Need to train your team? Learn more

Create Free Account Need to train your team? Learn more

Time

intermediate

difficulty

ceu/cpe

Course Content

Local Accounts Technique

Course Description

With access to a local administrator or service account, an attacker can do a lot of damage. Adversaries who abuse this type of account can do things like access remote services, carry out administrative functions, or elevate privileges. They can also perform OS credential dumping. Threat actor FIN10 has been known to move throughout a system using a local administrator account.

While the mitigation strategies for this technique seem obvious, it’s important to know about effective strong password policies and how to audit your local account management, as well as how to detect suspicious activity related to local accounts.

Get the hands-on skills you need to detect and mitigate this attack in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by the financially motivated threat group FIN10. Prevent adversaries from accomplishing the tactics of Defense Evasion, Persistence, Privilege Escalation, and Initial Access in your environment today.

What will I be able to accomplish after taking these courses?

You will be able to identify and validate critical threats related to threat actor attempts to exfiltrate your organization’s valuable data and potentially attempt to extort your organization for financial gain.

You will be able to use a SIEM tool to identify indicators of compromise and validate whether they should be investigated further.

You will learn response and mitigation recommendations to keep your organization safe.

What are the prerequisites for these courses?

Intermediate-level knowledge of defensive security is required. You should have some experience as a security engineer, SOC or security analyst, or similar role.

Familiarity with using a SIEM tool, like Splunk or ELK is strongly recommended.

Experience using command-line tools is required.

Cybrary's MITRE ATT&CK Defender (MAD) ATT&CK Fundamentals Course is recommended.

A basic understanding of offensive security is beneficial. Those who have taken our Offensive Penetration Testing course or our OWASP Top Ten series of courses will be well prepared in this area.

This course is part of a Career Path:

No items found.

Instructed by

Senior Instructor

Matthew Mullins

Matt has led multiple Red Team engagements, ranging from a few weeks to a year and covering multiple security domains. Outside of Red Teaming, Matt is also a seasoned penetration tester with interests in: AppSec, OSINT, Hardware, Wifi, Social Engineering, and Physical Security. Matt has a Master's degree in Information Assurance and an exhaustive number of certifications ranging from frameworks, management, and hands-on hacking. Matt is a Technical SME at Cybrary, focusing on Adversarial Emulation and Red Teaming for course content.

Senior Instructor

Owen Dubiel

Owen is certified in the GIAC GSEC, CompTIA CySA+, and various other vendor-related certifications. He works both as a technical security engineer and as an SME architect instructor in his spare time. Spreading the word of cyber security is a passion of his. Owen lives in Southeast Michigan with his beautiful wife, daughter, and his dog, Thor. In his free time, Owen enjoys watching sports and movies, and spending time with his family.

Provider

Certification Body

Certificate of Completion

Complete this entire course to earn a Local Accounts Certificate of Completion

Page URL

Copy