Common Information
Type | Value |
---|---|
Value | Command-Line Interface - T1059 |
Category | Attack-Pattern |
Type | Mitre-Enterprise-Attack-Attack-Pattern |
Misp Type | Cluster |
Description | Command-line interfaces provide a way of interacting with computer systems and are a common feature across many types of operating system platforms. (Citation: Wikipedia Command-Line Interface) One example command-line interface on Windows systems is cmd, which can be used to perform a number of tasks including execution of other software. Command-line interfaces can be interacted with locally or remotely via a remote desktop application, reverse shell session, etc. Commands that are executed run with the current permission level of the command-line interface process unless the command includes process invocation that changes permissions context for that execution (e.g. Scheduled Task). Adversaries may use command-line interfaces to interact with systems and execute other software during the course of an operation. Detection: Command-line interface activities can be captured through proper logging of process execution with command-line arguments. This information can be useful in gaining additional insight to adversaries' actions through how they use native processes or custom tools. Platforms: Linux, Windows, macOS Data Sources: Process command-line parameters, Process monitoring Permissions Required: Administrator, SYSTEM, User Remote Support: No |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2025-01-22 | 40 | Dark Web Profile: OilRig (APT34) - SOCRadar® Cyber Intelligence Inc. | ||
Details | Website | 2025-01-22 | 1 | Demystifying Cyber Attacks with MITRE ATT&CK Framework | ||
Details | Website | 2025-01-22 | 127 | Targeted supply chain attack against Chrome browser extensions | ||
Details | Website | 2025-01-21 | 43 | Unveiling Silent Lynx APT Targeting Entities Across Kyrgyzstan & Neighbouring Nations | ||
Details | Website | 2025-01-20 | 43 | Unveiling Silent Lynx APT: Targeting Central Asian Entities with Malicious Campaigns | ||
Details | Website | 2025-01-20 | 42 | Zyxel vulnerability exploited by "Helldown" ransomware group | ||
Details | Website | 2025-01-19 | 5 | Command Injection: When Input Becomes a Weapon | ||
Details | Website | 2025-01-19 | 0 | Top 50 Digital Forensics Tools | ||
Details | Website | 2025-01-17 | 32 | Sliver Implant Targets German Entities with DLL Sideloading and Proxying Techniques | ||
Details | Website | 2025-01-17 | 109 | BlackSuit Ransomware Group: What Have Changed After Royal Ransomware | ||
Details | Website | 2025-01-17 | 25 | 20 Best Threat Hunting Tools — 2025 | ||
Details | Website | 2025-01-17 | 31 | Sliver Implant Targets German Entities With DLL Sideloading And Proxying Techniques - Cyble | ||
Details | Website | 2025-01-16 | 42 | Updated Response to CISA Advisory (AA23-136A): #StopRansomware: BianLian Ransomware Group | ||
Details | Website | 2025-01-16 | 41 | Malware Trends Overview Report: 2024 | ||
Details | Website | 2025-01-16 | 21 | Malware Trends Overview Report: 2024 - ANY.RUN's Cybersecurity Blog | ||
Details | Website | 2025-01-16 | 10 | My Journey into Cybersecurity: A Neurodivergent Perspective | ||
Details | Website | 2025-01-16 | 11 | 10-Days of learning — Day 6 — Persistence MalwarePersistence Malware: | ||
Details | Website | 2025-01-15 | 0 | Cybersecurity in Movies: Separating Hollywood Myths from Reality | ||
Details | Website | 2025-01-15 | 2 | Linux Shell Scripting Explained | TryHackme Linux Shells | ||
Details | Website | 2025-01-15 | 2 | Metasploit for Beginners — A Guide to the Powerful Exploitation Framework | ||
Details | Website | 2025-01-14 | 36 | VMware ESXi Logging & Detection Opportunities | ||
Details | Website | 2025-01-14 | 29 | VMware ESXi Logging & Detection Opportunities | ||
Details | Website | 2025-01-14 | 2 | Mass Exploitation Campaign Targets Fortinet Firewalls Using Suspected Zero-Day Vulnerability - CyberSRC | ||
Details | Website | 2025-01-14 | 2 | NPM command confusion | ||
Details | Website | 2025-01-14 | 2 | NPM command confusion |