← Back to Explore
T1546.018
Python Startup Hooks
Adversaries may achieve persistence by leveraging Python’s startup mechanisms, including path configuration (`.pth`) files and the `sitecustomize.py` or `usercustomize.py` modules. These files are automatically processed during the initialization of the Python interpreter, allowing for the execution of arbitrary code whenever Python is invoked.(Citation: Volexity GlobalProtect CVE 2024) Path configuration files are designed to extend Python’s module search paths through the use of import statem...
LinuxmacOSWindows
2
Detections
1
Sources
0
Threat Actors
BY SOURCE
2elastic
PROCEDURES (1)
Process Creation Monitoring2 detections
Auto-extracted: 2 detections for process creation monitoring