Cloud Threat Landscape
  • Incidents
  • Actors
  • Techniques
  • Defenses
  • Tools
  • Targeted Technologies
  • Posters & Newspapers
  • About
  • RSS
  • STIX
  • Back to wiz.io

Made with 💙 by Wiz

Last Updated: April 3, 2025

Cloud Threat Landscape
/Techniques
Techniques
/
Execute Command on VM using Custom Script Extension

Execute Command on VM using Custom Script Extension

Tags
ATT&CK Tactic
Execution (TA0002)
References
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-windowshttps://microsoft.github.io/Azure-Threat-Research-Matrix/Execution/AZT301/AZT301-2/
Last edited
May 19, 2024 11:38 AM
Status
Stub
Defenses
Workload Runtime Protection

the Custom Script Extension Version 2 downloads and runs scripts on Azure virtual machines (VMs). This extension is useful for post-deployment configuration, software installation, or any other configuration or management task.

By utilizing the 'CustomScriptExtension' extension on a Virtual Machine, an attacker can pass PowerShell commands to the VM as SYSTEM.