Local Account Discovery and Manipulation with MITRE ATT&CK

Local accounts are often the primary target for attackers looking to establish a foothold or escalate privileges within a network. Understanding how adversaries discover and manipulate these accounts is critical for securing modern operating systems. In this text-based course, you will transition from a security novice to understanding the exact techniques used to exploit and defend local accounts. You will explore practical, written scenarios that demonstrate how to detect unauthorized account creation and mitigate credential-based threats. What you'll learn: 1. Understand foundational account security concepts and the MITRE ATT&CK framework structure. 2. Identify common techniques used by adversaries to discover local accounts on Windows and Linux systems. 3. Analyze how unauthorized local accounts are created and manipulated for persistence. 4. Practice detecting suspicious account activity using modern logging and event monitoring. 5. Apply secure configuration baselines and zero-trust principles to restrict local account privileges. 6. Configure defensive policies to mitigate credential dumping and lateral movement. You will start with key security terminology and core operating system architecture before moving into structured analyses of real-world attack patterns and defensive countermeasures. This course is designed for aspiring cybersecurity analysts, system administrators, and beginners with no prior security experience. Read through the structured lessons, analyze the code and command snippets, and start securing your systems today.