Command and Scripting Interpreter: Lua (T1059.011)
Tactic: Execution · Platforms: Linux, Network Devices, Windows, macOS
The interactive view maps 1 detection strategy, 3 mitigations, 5 software entries to this technique, alongside D3FEND countermeasures and data-component coverage.
Sub-technique of Command and Scripting Interpreter (T1059).
Overview
Adversaries may abuse Lua commands and scripts for execution. Lua is a cross-platform scripting and programming language primarily designed for embedded use in applications. Lua can be executed on the command-line (through the stand-alone lua interpreter), via scripts (.lua), or from Lua-embedded programs (through the struct lua_State).
Lua scripts may be executed by adversaries for malicious purposes. Adversaries may incorporate, abuse, or replace existing Lua interpreters to allow for malicious Lua command execution at runtime.