T1542
Pre-OS Boot
Adversaries may abuse Pre-OS Boot mechanisms as a way to establish persistence on a system. During the booting process of a computer, firmware and various startup services are loaded before the operating system. These programs control the flow of execution before the operating system takes control.(Citation: Wikipedia Booting) Adversaries may overwrite data in boot drivers or firmware such as the BIOS (Basic Input/Output System) and the Unified Extensible Firmware Interface (UEFI) to persist on systems...
Linux, Network Devices, Windows, macOS
8 Detections
2 Sources
0 Threat Actors
BY SOURCE
7 elastic, 1 splunk_escu
PROCEDURES (5)
Process Creation Monitoring: 4 detections
Auto-extracted: 4 detections for process creation monitoring
Kernel: 1 detection
Auto-extracted: 1 detection for kernel
Kernel: 1 detection
Auto-extracted: 1 detection for kernel
General Monitoring: 1 detection
Auto-extracted: 1 detection for general monitoring
Registry Monitoring: 1 detection
Auto-extracted: 1 detection for registry monitoring
DETECTIONS (8)
Boot File Copy
elastic, low
Dracut Module Creation
elastic, low
GRUB Configuration File Creation
elastic, low
GRUB Configuration Generation through Built-in Utilities
elastic, low
Initramfs Extraction via CPIO
elastic, low
Initramfs Unpacking via unmkinitramfs
elastic, low
Manual Dracut Execution
elastic, low
Windows Registry BootExecute Modification
splunk_escu