Accessibility Features (T1015)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Accessibility Features

Associated Tactics

  • Persistence
  • Privilege Escalation

Persistence (TA0003)

The adversary is trying to maintain their foothold. Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code.

View on ATT&CK

Procedure Examples

Description Source(s)
capec
Glyer, C., Kazanciyan, R. (2012, August 20). The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 1). Retrieved June 6, 2016. FireEye Hikit Rootkit
Maldonado, D., McGuffin, T. (2016, August 6). Sticky Keys to the Kingdom. Retrieved July 5, 2017. DEFCON2016 Sticky Keys
Tilbury, C. (2014, August 28). Registry Analysis with CrowdResponse. Retrieved November 12, 2014. Tilbury 2014