Carrie Roberts
0859cb997a
* removing descriptions of xxx (left over from template) * update input param descriptions * description update * removing descriptions of xxx (left over from template)
37 lines
747 B
YAML
37 lines
747 B
YAML
---
|
|
attack_technique: T1148
|
|
display_name: HISTCONTROL
|
|
|
|
atomic_tests:
|
|
- name: Disable history collection
|
|
description: |
|
|
Disables history collection in shells
|
|
supported_platforms:
|
|
- linux
|
|
- macos
|
|
input_arguments:
|
|
evil_command:
|
|
description: Command to run after shell history collection is disabled
|
|
type: String
|
|
default: whoami
|
|
executor:
|
|
name: sh
|
|
command: |
|
|
export HISTCONTROL=ignoreboth
|
|
ls #{evil_command}
|
|
|
|
- name: Mac HISTCONTROL
|
|
description: |
|
|
|
|
supported_platforms:
|
|
- macos
|
|
- linux
|
|
|
|
executor:
|
|
name: manual
|
|
steps: |
|
|
1. export HISTCONTROL=ignoreboth
|
|
2. echo export "HISTCONTROL=ignoreboth" >> ~/.bash_profile
|
|
3. ls
|
|
4. whoami > recon.txt
|