Boot or Logon Initialization Scripts: Network Logon Script (Windows)


Adversaries may use network logon scripts automatically executed at logon initialization to establish persistence.

Products, Sensors, and Dependencies

ProductDependenciesData sourceAccess requiredProtocolData CollectedNotes
Tenable Identity ExposureActive DirectoryStandard AD UserLDAPUser and Group membership and ACL

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Persistence, Privilege Escalation

Sub-Technique: Network Logon Script

Platform: Windows

Products Required: Tenable Identity Exposure

Tenable Release Date: 2022 Q2