T1529 - System Shutdown/Reboot
Description from ATT&CK
Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer.(Citation: Microsoft Shutdown Oct 2017) Shutting down or rebooting systems may disrupt access to computer resources for legitimate users.

Adversaries may attempt to shutdown/reboot a system after impacting it in other ways, such as Disk Structure Wipe or Inhibit System Recovery, to hasten the intended effects on system availability.(Citation: Talos Nyetya June 2017)(Citation: Talos Olympic Destroyer 2018)
Atomic Tests
Atomic Test #1 - Shutdown System - Windows
This test shuts down a Windows system.
Supported Platforms: Windows
Inputs
| Name | Description | Type | Default Value |
|---|---|---|---|
| timeout | Timeout period before shutdown (seconds) | string | 1 |
Run it with `command_prompt`! Elevation Required (e.g. root or admin)

```cmd
shutdown /s /t #{timeout}
```
Atomic Test #2 - Restart System - Windows
This test restarts a Windows system.
Supported Platforms: Windows
Inputs
| Name | Description | Type | Default Value |
|---|---|---|---|
| timeout | Timeout period before restart (seconds) | string | 1 |
Run it with `command_prompt`! Elevation Required (e.g. root or admin)

```cmd
shutdown /r /t #{timeout}
```
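
To validate that both atomic tests are visible to monitoring, the following added example (not part of the Atomic Red Team project) classifies process-creation command lines that invoke `shutdown.exe`. The sample command lines, the `HOST-PLACEHOLDER` name, the `classify` function and the 5-second short-notice threshold are assumptions made for illustration.

```python
import re

# Constructed process-creation command lines (the CommandLine field of a
# process-creation event); none of these come from the page or from real logs.
SAMPLES = [
    r'shutdown /s /t 1',
    r'C:\Windows\System32\shutdown.exe -r -t 0 -f',
    r'"C:\Windows\System32\shutdown.exe" /r /m \\HOST-PLACEHOLDER /t 30',
    r'shutdown /a',
    r'notepad.exe C:\notes\shutdown /s.txt',
]

TOKEN_RE = re.compile(r'"[^"]*"|\S+')        # quoted strings or bare words
IMAGES = {"shutdown", "shutdown.exe"}
ACTIONS = {"s": "shutdown", "r": "restart", "p": "poweroff"}
SHORT_NOTICE_SECONDS = 5                     # assumed triage threshold

def classify(cmdline):
    """Return a finding dict for a shutdown/restart invocation, else None."""
    tokens = [t.strip('"') for t in TOKEN_RE.findall(cmdline)]
    # Match on the executable's basename so full and quoted paths are covered,
    # while "shutdown" appearing only as an argument is ignored.
    if not tokens or tokens[0].rsplit('\\', 1)[-1].lower() not in IMAGES:
        return None
    finding = {"action": None, "timeout": None, "remote": None, "force": False}
    args = tokens[1:]
    for i, tok in enumerate(args):
        if tok[:1] not in ("/", "-"):        # shutdown.exe accepts / and -
            continue
        flag = tok[1:].lower()
        nxt = args[i + 1] if i + 1 < len(args) else None
        if flag == "a":                      # abort of a pending shutdown
            return None
        if flag in ACTIONS:
            finding["action"] = ACTIONS[flag]
        elif flag == "t" and nxt and nxt.isdigit():
            finding["timeout"] = int(nxt)
        elif flag == "m" and nxt:            # remote target: /m \\computer
            finding["remote"] = nxt.lstrip('\\')
        elif flag == "f":
            finding["force"] = True
    if finding["action"] is None:
        return None
    t = finding["timeout"]
    finding["short_notice"] = t is not None and t <= SHORT_NOTICE_SECONDS
    return finding

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", classify(line))
```
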