LIVE NEWSROOM · --:-- · May 24, 2026
A LIBRARY FOR SECURITY RESEARCHERS

MITRE ATT&CK  /  T1505

T1505

Server Software Component

Persistence

Description

Adversaries may abuse legitimate extensible development features of servers to establish persistent access to systems. Enterprise server applications may include features that allow developers to write and install software or scripts to extend the functionality of the main application. Adversaries may install malicious components to extend and abuse server applications.(Citation: volexity_0day_sophos_FW)

Platforms

WindowsLinuxmacOSNetwork DevicesESXi

Mitigations

  • M1045 — Code Signing
  • M1047 — Audit
  • M1024 — Restrict Registry Permissions
  • M1042 — Disable or Remove Feature or Program
  • M1046 — Boot Integrity
  • M1018 — User Account Management
  • M1026 — Privileged Account Management
Look up any technique

Use our free MITRE ATT&CK lookup tool, or browse the full ATT&CK matrix.

Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →

Scroll to Top