T1059.012
Hypervisor CLI
Adversaries may abuse hypervisor command line interpreters (CLIs) to execute malicious commands. Hypervisor CLIs typically enable a wide variety of functionality for managing both the hypervisor itself and the guest virtual machines it hosts. For example, on ESXi systems, tools such as `esxcli` and `vim-cmd` allow administrators to configure firewall rules and log forwarding on the hypervisor, list virtual machines, start and stop virtual machines, and more.(Citation: Broadcom ESXCLI Reference...
ESXi
Detections: 9
Sources: 1
Threat Actors: 1
BY SOURCE
sigma: 9
PROCEDURES (1)
Process Creation Monitoring: 9 detections
Auto-extracted: 9 detections for process creation monitoring
THREAT ACTORS (1)
DETECTIONS (9)
ESXi Account Creation Via ESXCLI (sigma, medium)
ESXi Admin Permission Assigned To Account Via ESXCLI (sigma, high)
ESXi Network Configuration Discovery Via ESXCLI (sigma, medium)
ESXi Storage Information Discovery Via ESXCLI (sigma, medium)
ESXi Syslog Configuration Change Via ESXCLI (sigma, medium)
ESXi System Information Discovery Via ESXCLI (sigma, medium)
ESXi VM Kill Via ESXCLI (sigma, medium)
ESXi VM List Discovery Via ESXCLI (sigma, medium)
ESXi VSAN Information Discovery Via ESXCLI (sigma, medium)