Adding Mac rc.common persistence
This commit is contained in:
Chris Long
@@ -0,0 +1,15 @@
|
||||
# rc.common
|
||||
|
||||
MITRE ATT&CK Technique: [T1163](https://attack.mitre.org/wiki/Technique/T1163)
|
||||
|
||||
Input:
|
||||
|
||||
echo osascript -e 'tell app "Finder" to display dialog "Hello World"' >> /etc/rc.common
|
||||
|
||||
Modify:
|
||||
|
||||
/etc/rc.common
|
||||
|
||||
|
||||
|
||||
[Reference](https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/StartupItems.html)
|
||||
+1
-1
@@ -15,7 +15,7 @@
|
||||
| Login Item | | Hidden Window | Two-Factor Authentication Interception | [System Network Configuration Discovery](Discovery/System_Network_Configuration_Discovery.md) | | | | | Multi-hop Proxy |
|
||||
| [Logon Scripts](Persistence/Logon_Scripts.md) | | Indicator Removal from Tools | | System Network Connections Discovery | | | | | Multiband Communication |
|
||||
| [Plist Modification](Persistence/Plist_Modification.md) | | [Indicator Removal on Host](Defense_Evasion/Indicator_Removal_On_Host.md) | | [System Owner/User Discovery](Discovery/System_Owner_User_Discovery.md) | | | | | Multilayer Encryption |
|
||||
| Rc.common | | LC_MAIN Hijacking | | | | | | | Remote File Copy |
|
||||
| [Rc.common](Persistence/Rc.common.md) | | LC_MAIN Hijacking | | | | | | | Remote File Copy |
|
||||
| [Re-opened Applications](Persistence/Re-opened_Applications.md) | | [Launchctl](Defense_Evasion/Launchctl.md) | | | | | | | Standard Application Layer Protocol |
|
||||
| Redundant Access | | Masquerading | | | | | | | Standard Cryptographic Protocol |
|
||||
| [Startup Items](Persistence/Startup_Items.md) | | Obfuscated Files or Information | | | | | | | Standard Non-Application Layer Protocol |
|
||||
|
||||
Reference in New Issue
Block a user