Local Account (T1136.001)

Adversaries may create a local account to maintain access to victim systems. Local accounts are those configured by an organization for use by users, remote support, services, or for administration on a single system or service. With a sufficient level of access, the net user /add command can be used to create a local account. On macOS systems the dscl -create command can be used to create a local account. Such accounts may be used to establish secondary credentialed access that do not require persistent remote access tools to be deployed on the system.

Source: https://github.com/mitre/cti
Related Prelude attack chains
Release Date (Newest)
Filterfilter
Search for chains, TTPs, themes, and text

Browse By:

Platforms

  • All
  • Windows
  • Darwin
  • Linux
  • Global
  • Android

Themes

Tags

Licenses

Android ADB Shell

2021-12-07

/static/assets/android-logo.svg
A first collection of TTPs for Android specifically targeting ADB shell commands
Baron Samedit (Persistence)

2021-08-10

/static/assets/linux-logo.svg
Leverage a Heap-Based Buffer Overflow in Sudo to create a persistence user.