security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7ef84e481520133a2cf394ecd4a3fb70ddb140bc
atomic-red-team/Windows/Persistence/Logon_Scripts.md
T
Michael Haag a6134b19c0 Techniques and Readme 
Technique: Hidden Files and Directories

Technique: Logon Scripts
- Source: https://github.com/NextronSystems/APTSimulator/blob/1c9048e834f0adabd18c8871d587fda42315575b/test-sets/persistence/userinit-mpr-logonscript.bat

Readme updates
2018-03-08 08:11:24 -06:00

274 B
Raw Blame History

Logon Scripts

MITRE ATT&CK Technique: T1037

Input:

Add path and any command line variables--

REG.exe ADD HKCU\Environment /v UserInitMprLogonScript /t REG_MULTI_SZ /d "<path of evil> <commandline switch of evil>"
Reference in New Issue View Git Blame Copy Permalink