atomic-red-team/atomics/T1529/T1529.md

# T1529 - System Shutdown/Reboot
## [Description from ATT&CK](https://attack.mitre.org/wiki/Technique/T1529)
<blockquote>Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer.(Citation: Microsoft Shutdown Oct 2017) Shutting down or rebooting systems may disrupt access to computer resources for legitimate users.

Adversaries may attempt to shutdown/reboot a system after impacting it in other ways, such as [Disk Structure Wipe](https://attack.mitre.org/techniques/T1487) or [Inhibit System Recovery](https://attack.mitre.org/techniques/T1490), to hasten the intended effects on system availability.(Citation: Talos Nyetya June 2017)(Citation: Talos Olympic Destroyer 2018)</blockquote>

## Atomic Tests

- [Atomic Test #1 - Shutdown System - Windows](#atomic-test-1---shutdown-system---windows)

- [Atomic Test #2 - Restart System - Windows](#atomic-test-2---restart-system---windows)


<br/>

## Atomic Test #1 - Shutdown System - Windows
This test shuts down a Windows system.

**Supported Platforms:** Windows


#### Inputs
| Name | Description | Type | Default Value | 
|------|-------------|------|---------------|
| timeout | Timeout period before shutdown (seconds) | string | 1|

#### Run it with `command_prompt`!  Elevation Required (e.g. root or admin) 
```
shutdown /s /t #{timeout}
```



<br/>
<br/>

## Atomic Test #2 - Restart System - Windows
This test restarts a Windows system.

**Supported Platforms:** Windows


#### Inputs
| Name | Description | Type | Default Value | 
|------|-------------|------|---------------|
| timeout | Timeout period before restart (seconds) | string | 1|

#### Run it with `command_prompt`!  Elevation Required (e.g. root or admin) 
```
shutdown /r /t #{timeout}
```



<br/>