← Back to Explore
T1542.005
TFTP Boot
Adversaries may abuse netbooting to load an unauthorized network device operating system from a Trivial File Transfer Protocol (TFTP) server. TFTP boot (netbooting) is commonly used by network administrators to load configuration-controlled network device images from a centralized management server. Netbooting is one option in the boot sequence and can be used to centralize, manage, and control device images. Adversaries may manipulate the configuration on the network device specifying use of a...
Network Devices
1
Detections
1
Sources
0
Threat Actors
BY SOURCE
1splunk_escu
PROCEDURES (1)
Network Connection Monitoring1 detections
Auto-extracted: 1 detections for network connection monitoring