security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4042cb3433bce024e304500dcfe3c5590571573a
atomic-red-team/Mac/Persistence/Logon_Scripts.md
T
JeremyNGalloway bb6265128b initial upload
2018-02-21 11:56:35 -06:00

733 B
Raw Blame History

Logon Scripts

MITRE ATT&CK Technique: T1037

Root level loginhook (executes for all users)

Create the required plist file

sudo touch /private/var/root/Library/Preferences/com.apple.loginwindow.plist

Populate the plist with the location of your shell script

sudo defaults write com.apple.loginwindow LoginHook /Library/Scripts/AtomicRedTeam.sh

User level loginhook

Create the required plist file in the target user's Preferences directory

touch /Users/$USER/Library/Preferences/com.apple.loginwindow.plist

Populate the plist with the location of your shell script

defaults write com.apple.loginwindow LoginHook /Library/Scripts/AtomicRedTeam.sh
Reference in New Issue View Git Blame Copy Permalink