EXPLORE
Sign In
← Back to Explore
T1542

Pre-OS Boot

Adversaries may abuse Pre-OS Boot mechanisms as a way to establish persistence on a system. During the booting process of a computer, firmware and various startup services are loaded before the operating system. These programs control flow of execution before the operating system takes control.(Citation: Wikipedia Booting) Adversaries may overwrite data in boot drivers or firmware such as BIOS (Basic Input/Output System) and The Unified Extensible Firmware Interface (UEFI) to persist on systems...

LinuxmacOSNetwork DevicesWindows
9
Detections
2
Sources
0
Threat Actors

BY SOURCE

7elastic2splunk_escu

PROCEDURES (6)

Process Creation Monitoring4 detections

Auto-extracted: 4 detections for process creation monitoring

Kernel1 detections

Auto-extracted: 1 detections for kernel

Kernel1 detections

Auto-extracted: 1 detections for kernel

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

Kernel Monitoring1 detections

Auto-extracted: 1 detections for kernel monitoring

Persist1 detections

Auto-extracted: 1 detections for persist

DETECTIONS (9)

Boot File Copy
elasticlow
Dracut Module Creation
elasticlow
GRUB Configuration File Creation
elasticlow
GRUB Configuration Generation through Built-in Utilities
elasticlow
Initramfs Extraction via CPIO
elasticlow
Initramfs Unpacking via unmkinitramfs
elasticlow
Manual Dracut Execution
elasticlow
Windows EFI Volume Mount Attempt Via Mountvol
splunk_escu
Windows Registry BootExecute Modification
splunk_escu