From ee6ed4ea1cb303abeb5a7417fb0a49e29c0002b6 Mon Sep 17 00:00:00 2001
From: Keith McCammon
Date: Fri, 13 Oct 2017 14:21:31 -0600
Subject: [PATCH] Submitting two new Mac techniques

- Clear Command History
- Gatekeeper Bypass

---
 Mac/Defense_Evasion/Clear_Command_History.md | 20 ++++++++++++++++++++
 Mac/Defense_Evasion/Gatekeeper_Bypass.md | 9 +++++++++
 2 files changed, 29 insertions(+)
 create mode 100644 Mac/Defense_Evasion/Clear_Command_History.md
 create mode 100644 Mac/Defense_Evasion/Gatekeeper_Bypass.md

diff --git a/Mac/Defense_Evasion/Clear_Command_History.md b/Mac/Defense_Evasion/Clear_Command_History.md
new file mode 100644
index 00000000..a855bf8a
--- /dev/null
+++ b/Mac/Defense_Evasion/Clear_Command_History.md
@@ -0,0 +1,20 @@
+# Defense Evasion
+
+MITRE ATT&CK Technique: [T1146](https://attack.mitre.org/wiki/Technique/T1146)
+
+
+## multiple shells
+
+ unset HISTFILE
+
+ export HISTFILESIZE=0
+
+ history -c
+
+## bash
+
+ rm ~/.bash_history
+
+ cat /dev/null > ~/.bash_history
+
+
diff --git a/Mac/Defense_Evasion/Gatekeeper_Bypass.md b/Mac/Defense_Evasion/Gatekeeper_Bypass.md
new file mode 100644
index 00000000..4e447c59
--- /dev/null
+++ b/Mac/Defense_Evasion/Gatekeeper_Bypass.md
@@ -0,0 +1,9 @@
+# Defense Evasion
+
+MITRE ATT&CK Technique: [T1144](https://attack.mitre.org/wiki/Technique/T1144)
+
+
+ sudo xattr -r -d com.apple.quarantine /path/to/MyApp.app
+
+ sudo spctl --master-disable
+
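Review bot: The `## bash` section's `rm ~/.bash_history` and `cat /dev/null > ~/.bash_history` are undone when the shell exits, because bash writes its in-memory history back to `$HISTFILE` at exit; the page should state that they only stick when paired with the `unset HISTFILE` or `history -c` lines from the section above, e.g. add the line `Run after \`unset HISTFILE\` (or \`history -c\`), otherwise bash rewrites the file on exit.` under the `## bash` heading. The `## multiple shells` heading looks overstated: `history -c` is a bash builtin option, and zsh (the other common macOS shell) keeps its history in `~/.zsh_history` governed by `HISTFILE`/`SAVEHIST`, so the heading should probably be qualified or a zsh variant added. For defenders it is worth noting that a session with `HISTFILE` unset or `HISTFILESIZE=0`, or a history file that is suddenly empty or missing, is itself a useful indicator. The T1146 wiki link may be stale; ATT&CK later folded this technique into T1070.003, so verify the reference before merging.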
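Review bot: `sudo spctl --master-disable` is a persistent, system-wide change that needs admin credentials and surfaces in the Security & Privacy preference pane as the "Anywhere" option, which makes it far noisier than the per-file `xattr -d com.apple.quarantine`; the page should present the two lines as alternatives with very different footprints rather than a sequence, e.g. prefix them with `# Option A (per-file, low visibility): strip the quarantine flag` and `# Option B (global, persistent, admin required): disable Gatekeeper assessment`. The `sudo` on the `xattr` line is unnecessary for an app the current user owns and only adds a credential prompt, so it is probably better dropped from the example. The T1144 link may be stale since ATT&CK later merged Gatekeeper Bypass into T1553.001; worth checking before merge.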