diff --git a/Mac/Persistence/Logon_Scripts.md b/Mac/Persistence/Logon_Scripts.md
new file mode 100644
index 00000000..57405b43
--- /dev/null
+++ b/Mac/Persistence/Logon_Scripts.md
@@ -0,0 +1,24 @@
+# Logon Scripts
+
+MITRE ATT&CK Technique: [T1037](https://attack.mitre.org/wiki/Technique/T1037)
+
+
+### Root level loginhook (executes for all users)
+
+Create the required plist file
+
+    sudo touch /private/var/root/Library/Preferences/com.apple.loginwindow.plist
+    
+Populate the plist with the location of your shell script
+	
+    sudo defaults write com.apple.loginwindow LoginHook /Library/Scripts/AtomicRedTeam.sh
+    
+### User level loginhook
+
+Create the required plist file in the target user's Preferences directory
+
+	touch /Users/$USER/Library/Preferences/com.apple.loginwindow.plist
+
+Populate the plist with the location of your shell script
+
+	defaults write com.apple.loginwindow LoginHook /Library/Scripts/AtomicRedTeam.sh