Brian Beyer
22 lines
469 B
YAML
22 lines
469 B
YAML
---
|
|
attack_technique: t1146
|
|
display_name: HISTCONTROL
|
|
|
|
atomic_tests:
|
|
- name: Disable history collection
|
|
description: |
|
|
Disables history collection in shells
|
|
supported_platforms:
|
|
- linux
|
|
- macos
|
|
input_arguments:
|
|
evil_command:
|
|
description: Command to run after shell history collection is disabled
|
|
type: String
|
|
default: whoami
|
|
executor:
|
|
name: sh
|
|
command: |
|
|
export HISTCONTROL=ignoreboth
|
|
ls #{evil_command}
|