T1542 - Pre-OS Boot
Tactics:
Persistence Defense Evasion
Persistence Defense Evasion
Platforms:
Linux Network Devices Windows macOS
Linux Network Devices Windows macOS
Detection:
Not specified
Not specified
Description:
Adversaries may abuse Pre-OS Boot mechanisms as a way to establish persistence on a system. During the booting process of a computer, firmware and various startup services are loaded before the operating system. These programs control flow of execution before the operating system takes control.(Citation: Wikipedia Booting)
Adversaries may overwrite data in boot drivers or firmware such as BIOS (Basic Input/Output System) and The Unified Extensible Firmware Interface (UEFI) to persist on systems at a layer below the operating system. This can be particularly difficult to detect as malware at this level will not be detected by host software-based defenses.
Adversaries may overwrite data in boot drivers or firmware such as BIOS (Basic Input/Output System) and The Unified Extensible Firmware Interface (UEFI) to persist on systems at a layer below the operating system. This can be particularly difficult to detect as malware at this level will not be detected by host software-based defenses.
Metadata
| MITRE ID: | T1542 |
| STIX ID: | attack-pattern--7f0ca133-88c4-... |
| Platforms: | Linux, Network Devices, Windows, macOS |
| Created: | 13/01/2026 17:48 |
| Updated: | 14/03/2026 04:00 |