Detections
Analytics
Boot or Logon Initialization Scripts: Network Logon Script (Windows)
Description
Adversaries may use network logon scripts automatically executed at logon initialization to establish persistence.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Identity Exposure | Active Directory | Standard AD User | LDAP | User and Group membership and ACL | Plugin ID: C-ROOTOBJECTS-SD-CONSISTENCY |
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Persistence, Privilege Escalation
Technique: Boot or Logon Initialization Scripts
Sub-Technique: Network Logon Script
Platform: Windows
Products Required: Tenable Identity Exposure
Tenable Release Date: 2022 Q2