They’ll then try to use these accounts as they start the lateral movement phase of their post-exploitation. If hackers can get a foothold on the system, they’ll look for this privileged local Administrator account as part of their evil checklist. “This really opened my eyes to AD security in a way defensive work never did.”