A Command-Line Interface (CLI) offers a way of interacting with local or remote computer systems. Our research has found that Command-Line Interface was the fifth most prevalent ATT&CK technique used by adversaries in their malware. As an execution technique, adversaries use one or more CLI to run their code, interact with local and remote systems, and execute other software during an attack campaign.
Operating systems (OS) provide one or more built-in Command Line Interfaces (CLIs) to users. Not only legitimate users but adversaries also frequently use built-in OS CLIs to run their commands since it is easy to detect a third-party program that executes commands. As an Execution technique, CLI is critical to run adversary-controlled code on a local or remote system. Execution techniques are typically combined with techniques from all other tactics to accomplish specific aims, such as lateral movement and data exfiltration. ...read more!
