Common Information
Type Value
Value Command-Line Interface - T1059
Category Attack-Pattern
Type Mitre-Enterprise-Attack-Attack-Pattern
Misp Type Cluster
Description Command-line interfaces provide a way of interacting with computer systems and are a common feature across many types of operating system platforms. (Citation: Wikipedia Command-Line Interface) One example command-line interface on Windows systems is cmd, which can be used to perform a number of tasks including execution of other software. Command-line interfaces can be interacted with locally or remotely via a remote desktop application, reverse shell session, etc. Commands that are executed run with the current permission level of the command-line interface process unless the command includes process invocation that changes permissions context for that execution (e.g. Scheduled Task). Adversaries may use command-line interfaces to interact with systems and execute other software during the course of an operation.

Detection: Command-line interface activities can be captured through proper logging of process execution with command-line arguments. This information can be useful in gaining additional insight into adversaries' actions through how they use native processes or custom tools.

Platforms: Linux, Windows, macOS
Data Sources: Process command-line parameters, Process monitoring
Permissions Required: Administrator, SYSTEM, User
Remote Support: No
Details Published Attributes CTI Title
Details Website 2025-01-22 40 Dark Web Profile: OilRig (APT34) - SOCRadar® Cyber Intelligence Inc.
Details Website 2025-01-22 1 Demystifying Cyber Attacks with MITRE ATT&CK Framework
Details Website 2025-01-22 127 Targeted supply chain attack against Chrome browser extensions
Details Website 2025-01-21 43 Unveiling Silent Lynx APT Targeting Entities Across Kyrgyzstan & Neighbouring Nations
Details Website 2025-01-20 43 Unveiling Silent Lynx APT: Targeting Central Asian Entities with Malicious Campaigns
Details Website 2025-01-20 42 Zyxel vulnerability exploited by "Helldown" ransomware group
Details Website 2025-01-19 5 Command Injection: When Input Becomes a Weapon
Details Website 2025-01-19 0 Top 50 Digital Forensics Tools
Details Website 2025-01-17 32 Sliver Implant Targets German Entities with DLL Sideloading and Proxying Techniques
Details Website 2025-01-17 109 BlackSuit Ransomware Group: What Have Changed After Royal Ransomware
Details Website 2025-01-17 25 20 Best Threat Hunting Tools — 2025
Details Website 2025-01-17 31 Sliver Implant Targets German Entities With DLL Sideloading And Proxying Techniques - Cyble
Details Website 2025-01-16 42 Updated Response to CISA Advisory (AA23-136A): #StopRansomware: BianLian Ransomware Group
Details Website 2025-01-16 41 Malware Trends Overview Report: 2024
Details Website 2025-01-16 21 Malware Trends Overview Report: 2024 - ANY.RUN's Cybersecurity Blog
Details Website 2025-01-16 10 My Journey into Cybersecurity: A Neurodivergent Perspective
Details Website 2025-01-16 11 10-Days of learning — Day 6 — Persistence Malware
Details Website 2025-01-15 0 Cybersecurity in Movies: Separating Hollywood Myths from Reality
Details Website 2025-01-15 2 Linux Shell Scripting Explained | TryHackme Linux Shells
Details Website 2025-01-15 2 Metasploit for Beginners — A Guide to the Powerful Exploitation Framework
Details Website 2025-01-14 36 VMware ESXi Logging & Detection Opportunities
Details Website 2025-01-14 29 VMware ESXi Logging & Detection Opportunities
Details Website 2025-01-14 2 Mass Exploitation Campaign Targets Fortinet Firewalls Using Suspected Zero-Day Vulnerability - CyberSRC
Details Website 2025-01-14 2 NPM command confusion
Details Website 2025-01-14 2 NPM command confusion