T1078.001
Default Accounts
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Default accounts are those that are built into an OS, such as the Guest or Administrator accounts on Windows systems. Default accounts also include default factory/provider set accounts on other types of systems, software, or devices, including the root user account in AWS, the root user account in ESXi, and the default service account in ...
Windows, SaaS, IaaS, Linux, macOS, Containers, Network Devices, Office Suite, Identity Provider, ESXi
8 Detections
3 Sources
4 Threat Actors
BY SOURCE
sigma: 3, splunk_escu: 3, elastic: 2
PROCEDURES (5)
Authentication Monitoring: 3 detections
Auto-extracted: 3 detections for authentication monitoring
Process Creation Monitoring: 2 detections
Auto-extracted: 2 detections for process creation monitoring
Token: 1 detection
Auto-extracted: 1 detection for token
Token: 1 detection
Auto-extracted: 1 detection for token
Privilege: 1 detection
Auto-extracted: 1 detection for privilege
THREAT ACTORS (4)
DETECTIONS (8)
Admin User Remote Logon
sigma, low
Guest Account Enabled Via Sysadminctl
sigma, low
Kubernetes Anonymous Request Authorized by Unusual User Agent
elastic, medium
Kubernetes Suspicious Assignment of Controller Service Account
elastic, medium
Okta New API Token Created
splunk_escu
Okta Phishing Detection with FastPass Origin Check
splunk_escu
Okta Suspicious Activity Reported
splunk_escu
Root Account Enable Via Dsenableroot
sigma, medium