MITRE

ID : T1136.001
Tactic : Persistence
Platforms: Linux, Windows, macOS

Local Account

Local accounts are those configured by an organization for use by users, remote support, services, or for administration on a single system or service.Adversaries may create a local account to maintain access to victim systems.

Local Account On Windows

command prompt

Creating local user account using command prompt

syntax

net user [username] [password] /add

  
net user apt password123 /add

localuser

Creating local admin using command prompt

syntax

net user [username] [password] /add net localgroup [group] [username] /add

  
net user apt password123 /add

net localgroup administrators apt /add

localuseradmin

powershell

Creating local user account using powershell

syntax

New-LocalUser -Name [username]

  
New-LocalUser -Name apt

localuseradmin

Local Account On Linux

Creating local account on linux

syntax

useradd -M -N -r -s /bin/bash [username]

  
useradd -M -N -r -s /bin/bash apt

localuserlinux

Mitigations

Use multi-factor authentication for user and privileged accounts.
Limit the usage of local administrator accounts to be used for day-to-day operations that may expose them to potential adversaries.

Local Account

MITRE

Local Account

Local Account On Windows

command prompt

powershell

Local Account On Linux

Mitigations

References

Further Reading

SSH Authorized Keys

Persistence

Resource Development