security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1663bf7d524b6fc8a9a39104feb2949b36368dfc
atomic-red-team/atomics/T1115/T1115.md
T
CircleCI Atomic Red Team doc generator 499c751bcc Generate docs from job=validate_atomics_generate_docs branch=master
2019-09-03 13:36:10 +00:00

1.2 KiB
Raw Blame History

T1115 - Clipboard Data

Description from ATT&CK

Adversaries may collect data stored in the Windows clipboard from users copying information within or between applications.

Windows

Applications can access clipboard data by using the Windows API. (Citation: MSDN Clipboard)

Mac

OSX provides a native command, pbpaste, to grab clipboard contents (Citation: Operating with EmPyre).

Atomic Tests


Atomic Test #1 - Utilize Clipboard to store or execute commands from

Add data to clipboard to copy off or execute commands from.

Supported Platforms: Windows

Run it with command_prompt!

dir | clip
clip < readme.txt


Atomic Test #2 - PowerShell

Utilize PowerShell to echo a command to clipboard and execute it

Supported Platforms: Windows

Run it with powershell!

echo Get-Process | clip
Get-Clipboard | iex

Reference in New Issue View Git Blame Copy Permalink