Home/ MITRE Matrix/ Defense Evasion/ T1542.005

T1542.005TFTP Boot

T1542.005 — TFTP Boot is a MITRE ATT&CK technique in the Defense Evasion tactic. Clankerusecase tracks 4 detection use cases covering it and 1 threat-intel article citing it.

Defense EvasionPersistence

View on the matrix → Filter Detection Library MITRE official spec ↗

4Use cases

1Articles

0Sub-techniques

2Tactics

↑ Parent technique: T1542 · Pre-OS Boot

Use cases covering this technique (4)

Detect Software Download To Network Device ESCU actions · alerting P [LLM] Write of unattend.xml or ReAgent.xml to system recovery partition (GreatXML staging) Bespoke weapon · alerting DSΣPDDCS [LLM] reagentc.exe invocation enabling or remounting WinRE before reboot (GreatXML precondition) Bespoke install · alerting DSΣPDDCS [LLM] bcdedit recovery-sequence modification consistent with GreatXML WinRE pivot Bespoke install · alerting DSΣPDDCS

Articles citing this technique (1)

crit New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files art-42