Boot or Logon Autostart Execution
GPTKB entity
Statements (22)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:cybersecurity_technique |
| gptkbp:citation | https://attack.mitre.org/techniques/T1547/ |
| gptkbp:describes | Techniques that allow programs to run automatically when a system boots or a user logs in. |
| gptkbp:detects | monitor for changes to autostart locations |
| gptkbp:example | adding startup folder items<br>creating new services<br>launch agents on macOS<br>modifying registry run keys<br>modifying systemd units |
| gptkbp:goal | persistence<br>privilege escalation |
| gptkbp:mitigatedBy | monitor and audit autostart locations<br>restrict user permissions |
| gptkbp:partOf | gptkb:MITRE_ATT&CK_framework |
| gptkbp:platform | gptkb:Windows<br>gptkb:macOS<br>gptkb:Linux |
| gptkbp:technique | T1547 |
| gptkbp:usedBy | adversaries |
| gptkbp:bfsParent | gptkb:Defense_Evasion |
| gptkbp:bfsLayer | 7 |
| https://www.w3.org/2000/01/rdf-schema#label | Boot or Logon Autostart Execution |