Add "PowerShell Profile" attack technique (T1504)

[**T1504**](https://attack.mitre.org/techniques/T1504)

A PowerShell profile (`profile.ps1`) is a script that runs when PowerShell starts and can be used as a logon script to customize user environments. Adversaries may modify these profiles to include arbitrary commands, functions, modules, and/or PowerShell drives to gain persistence.

**Adding it as a PBA:**
\- *LINUX*: not applicable ([T1156](https://attack.mitre.org/techniques/T1156))
\- *WINDOWS*: refer to [this](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_profiles?view=powershell-7) and [this](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1504/T1504.md#atomic-test-1---append-malicious-start-process-cmdlet)

[**Mapping the technique to the ATT&CK matrix**](https://github.com/shreyamalviya/monkey/blob/guide-to-add-attack-technique/monkey/Adding-a-new-attack-technique.md)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add "PowerShell Profile" attack technique (T1504) #686

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add "PowerShell Profile" attack technique (T1504) #686

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions