Dark Mode

Settings

Capec-564 Detail

Run Software at Logon

Detailed Software

Parents: 542

Threats: T79 T284 T287 T337 T389 T391 T403 T406

Description

Operating system allows logon scripts to be run whenever a specific user or users logon to a system. If adversaries can access these scripts, they may insert additional code into the logon script. This code can allow them to maintain persistence or move laterally within an enclave because it is executed every time the affected user or users logon to a computer. Modifying logon scripts can effectively bypass workstation and enclave firewalls. Depending on the access configuration of the logon scripts, either local credentials or a remote administrative account may be necessary.

Not present

External ID Source Link Description
CAPEC-564 capec https://capec.mitre.org/data/definitions/564.html
CWE-284 cwe http://cwe.mitre.org/data/definitions/284.html
T1037 ATTACK https://attack.mitre.org/wiki/Technique/T1037 Boot or Logon Initialization Scripts
T1543.001 ATTACK https://attack.mitre.org/wiki/Technique/T1543/001 Create or Modify System Process: Launch Agent
T1543.004 ATTACK https://attack.mitre.org/wiki/Technique/T1543/004 Create or Modify System Process: Launch Daemon
T1547 ATTACK https://attack.mitre.org/wiki/Technique/T1547 Boot or Logon Autostart Execution

Not present

Not present

Not present

Not present

Not present

Not present

We use cookies to ensure you get the best experience on our website.