Tags
ATT&CK Tactic
Execution (TA0002)
References
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-windowshttps://microsoft.github.io/Azure-Threat-Research-Matrix/Execution/AZT301/AZT301-2/
Last edited
May 19, 2024 11:38 AM
Status
Stub
Defenses
Workload Runtime Protection
the Custom Script Extension Version 2 downloads and runs scripts on Azure virtual machines (VMs). This extension is useful for post-deployment configuration, software installation, or any other configuration or management task.
By utilizing the 'CustomScriptExtension' extension on a Virtual Machine, an attacker can pass PowerShell commands to the VM as SYSTEM.