From 68633fc0e2245b5cc258f30f7ed9794c29068b2a Mon Sep 17 00:00:00 2001
From: Carrie Roberts
Date: Thu, 29 Sep 2022 11:14:32 -0600
Subject: [PATCH] Set Custom AddToHistoryHandler to Avoid History File Logging (#2168)

Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
---
 atomics/T1070.003/T1070.003.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/atomics/T1070.003/T1070.003.yaml b/atomics/T1070.003/T1070.003.yaml
index 694a04bf..4e5b15bb 100644
--- a/atomics/T1070.003/T1070.003.yaml
+++ b/atomics/T1070.003/T1070.003.yaml
@@ -131,6 +131,7 @@ atomic_tests:
 Set-PSReadlineOption –HistorySaveStyle SaveNothing
 name: powershell
 cleanup_command: 'Set-PSReadLineOption -HistorySaveStyle SaveIncrementally'
+
 - name: Clear Powershell History by Deleting History File
 auto_generated_guid: da75ae8d-26d6-4483-b0fe-700e4df4f037
 description: |
@@ -142,3 +143,16 @@ atomic_tests:
 Remove-Item (Get-PSReadlineOption).HistorySavePath
 name: powershell
+- name: Set Custom AddToHistoryHandler to Avoid History File Logging
+ description: |
+ The "AddToHistoryHandler" receives the current command as the $line variable and then returns $true if
+ the line should be written to the history file. Here we simply return $false so nothing gets added to
+ the history file for the current session.
+ supported_platforms:
+ - windows
+ executor:
+ command: |
+ Set-PSReadLineOption -AddToHistoryHandler { return $false }
+ cleanup_command: |
+ Set-PSReadLineOption -AddToHistoryHandler $null
+ name: powershell
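Review bot: The `cleanup_command` in the second hunk resets the handler with `Set-PSReadLineOption -AddToHistoryHandler $null` instead of restoring whatever handler the session had before the test ran. Recent PSReadLine releases appear to install a default handler that keeps sensitive-looking lines out of the history file (worth confirming for the versions this test targets), so after cleanup the session can end up in a different state than it started in. Since `command` and `cleanup_command` cannot obviously share a saved value, I would state this in the description, for example `Cleanup sets the handler to $null, which may not match the handler that was active before the test.` The description could also say that the history file is not a usable record for that session while the handler is set, so anyone validating detections for this test should look at PowerShell script block logging instead.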