Threats Library
Reusable threat definitions (causes on the left side of bow-tie diagrams).
Add Threat
Tags:
clear tags
15 threats — page 1 of 1
| Name | Category | Tags | Description | |
|---|---|---|---|---|
| Boot or Logon Autostart Execution | Persistence | Adversaries may configure system settings to automatically execute a program during system boot or l… | Edit | |
| Boot or Logon Autostart Execution: Active Setup | Persistence | Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machin… | Edit | |
| Boot or Logon Autostart Execution: Authentication Package | Persistence | Adversaries may abuse authentication packages to execute DLLs when the system boots. Windows authent… | Edit | |
| Boot or Logon Autostart Execution: Kernel Modules and Extensions | Persistence | Adversaries may modify the kernel to automatically execute programs on system boot. Loadable Kernel … | Edit | |
| Boot or Logon Autostart Execution: LSASS Driver | Persistence | Adversaries may modify or add LSASS drivers to obtain persistence on compromised systems. The Window… | Edit | |
| Boot or Logon Autostart Execution: Login Items | Persistence | Adversaries may add login items to execute upon user login to gain persistence or escalate privilege… | Edit | |
| Boot or Logon Autostart Execution: Port Monitors | Persistence | Adversaries may use port monitors to run an adversary supplied DLL during system boot for persistenc… | Edit | |
| Boot or Logon Autostart Execution: Print Processors | Persistence | Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/… | Edit | |
| Boot or Logon Autostart Execution: Re-opened Applications | Persistence | Adversaries may modify plist files to automatically run an application when a user logs in. When a u… | Edit | |
| Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | Persistence | Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a… | Edit | |
| Boot or Logon Autostart Execution: Security Support Provider | Persistence | Adversaries may abuse security support providers (SSPs) to execute DLLs when the system boots. Windo… | Edit | |
| Boot or Logon Autostart Execution: Shortcut Modification | Persistence | Adversaries may create or modify shortcuts that can execute a program during system boot or user log… | Edit | |
| Boot or Logon Autostart Execution: Time Providers | Persistence | Adversaries may abuse time providers to execute DLLs when the system boots. The Windows Time service… | Edit | |
| Boot or Logon Autostart Execution: Winlogon Helper DLL | Persistence | Adversaries may abuse features of Winlogon to execute DLLs and/or executables when a user logs in. W… | Edit | |
| Boot or Logon Autostart Execution: XDG Autostart Entries | Persistence | Adversaries may add or modify XDG Autostart Entries to execute malicious programs or commands when a… | Edit |