T1078.003 - Local Accounts
Sub-technique
Tactics:
Persistence Privilege Escalation Defense Evasion Initial Access
Persistence Privilege Escalation Defense Evasion Initial Access
Platforms:
Linux macOS Windows Containers +2
Linux macOS Windows Containers +2
Detection:
Not specified
Not specified
Description:
Adversaries may obtain and abuse credentials of a local account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Local accounts are those configured by an organization for use by users, remote support, services, or for administration on a single system or service.
Local Accounts may also be abused to elevate privileges and harvest credentials through [OS Credential Dumping](https://attack.mitre.org/techniques/T1003). Password reuse may allow the abuse of local accounts across a set of machines on a network for the purposes of Privilege Escalation and Lateral Movement.
Local Accounts may also be abused to elevate privileges and harvest credentials through [OS Credential Dumping](https://attack.mitre.org/techniques/T1003). Password reuse may allow the abuse of local accounts across a set of machines on a network for the purposes of Privilege Escalation and Lateral Movement.
Used by Actors (12)
Metadata
| MITRE ID: | T1078.003 |
| STIX ID: | attack-pattern--fdc47f44-dd32-... |
| Platforms: | Linux, macOS, Windows, Containers, Network Devices, ESXi |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |