Skip to content
Log in

Rogue account

Definition

A user or service account created by the attacker during the intrusion to maintain access independent of any compromised legitimate account. Rogue accounts may be given names designed to blend with legitimate accounts and may be added to privileged groups.

Related terms

Configuration drift
Deviation from an approved baseline configuration, whether caused by legitimate administrative action or by an attacker modifying settings to weaken defences or...
Indicator of Compromise (IoC)
An observable artefact that suggests a system has been involved in a malicious event. Static analysis produces file-based IoCs: cryptographic hashes, embedded...
Persistence mechanism
The technique malware uses to survive a reboot or user logout. Common methods include registry run keys, scheduled tasks, Windows services, cron...
Reimaging
Wiping a compromised system and restoring it from a known-good operating system image. Reimaging is the most reliable eradication method for host-level...
Web shell
A script (typically PHP, ASP, or JSP) placed on a web server by an attacker to provide remote command execution via HTTP...

Explained in

  • Threat Eradication MethodsA user or service account created by the attacker during the intrusion to maintain access independent of any compromised legitimate account. Rogue accounts may...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account