EXPLORE
Sign In
← Back to Explore
T1547.015

Login Items

Adversaries may add login items to execute upon user login to gain persistence or escalate privileges. Login items are applications, documents, folders, or server connections that are automatically launched when a user logs in.(Citation: Open Login Items Apple) Login items can be added via a shared file list or Service Management Framework.(Citation: Adding Login Items) Shared file list login items can be set using scripting languages such as [AppleScript](https://attack.mitre.org/techniques/T10...

macOS
2
Detections
2
Sources
0
Threat Actors

BY SOURCE

1elastic1sigma

PROCEDURES (1)

Process Creation Monitoring2 detections

Auto-extracted: 2 detections for process creation monitoring

DETECTIONS (2)

Creation of Hidden Login Item via Apple Script
elasticmedium
Windows Terminal Profile Settings Modification By Uncommon Process
sigmamedium