← Back to Explore
T1552.003
Shell History
Adversaries may search the command history on compromised systems for insecurely stored credentials. On Linux and macOS systems, shells such as Bash and Zsh keep track of the commands users type on the command-line with the "history" utility. Once a user logs out, the history is flushed to the user's history file. For each user, this file resides at the same location: for example, `~/.bash_history` or `~/.zsh_history`. Typically, these files keeps track of the user's last 1000 commands. On Win...
LinuxmacOSWindows
3
Detections
1
Sources
0
Threat Actors
BY SOURCE
3sigma
PROCEDURES (3)
General Monitoring1 detections
Auto-extracted: 1 detections for general monitoring
Process Creation Monitoring1 detections
Auto-extracted: 1 detections for process creation monitoring
Command Line Monitoring1 detections
Auto-extracted: 1 detections for command line monitoring