Command and Scripting Interpreter: Windows Command Shell

Other sub-techniques of Command and Scripting Interpreter (13)

ID	Name
ATAGS-T1046.001	AppleScript
ATAGS-T1046.002	AutoHotKey & AutoIT
ATAGS-T1046.003	Cloud API
ATAGS-T1046.004	Container CLI/API
ATAGS-T1046.005	Hypervisor CLI
ATAGS-T1046.006	JavaScript
ATAGS-T1046.007	Lua
ATAGS-T1046.008	Network Device CLI
ATAGS-T1046.009	Powershell
ATAGS-T1046.010	Python
ATAGS-T1046.011	Unix Shell
ATAGS-T1046.012	Visual Basic
ATAGS-T1046.013	Windows Command Shell

Threat actors may abuse the Windows command shell for execution. The Windows command shell (cmd) is the primary command prompt on Windows systems. The Windows command prompt can be used to control almost any aspect of a system, with various permission levels required for different subsets of commands. The command prompt can be invoked remotely via Remote Services such as SSH.

ID: ATAGS-T1046.013

Sub-technique of: ATAGS-T1046

ⓘ

Tactic: Execution

ⓘ

Targeted Components: Software

ⓘ

Responsibility: Provider

Created: 18 April 2026

Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.