Modification of Logon Scripts from Registry¶
Windows allows logon scripts to be run whenever a specific user or group of users log into a system.
| id: | af99d7ec-b1c7-4648-9188-063ca27544ac |
|---|---|
| categories: | enrich |
| confidence: | low |
| os: | windows |
| created: | 7/26/2019 |
| updated: | 7/26/2019 |
MITRE ATT&CK™ Mapping¶
| tactics: | Lateral Movement, Persistence |
|---|---|
| techniques: | T1037 Logon Scripts |
Query¶
registry where registry_path == "*\\Environment\\UserInitMprLogonScript"