T1562.003
Impair Command History Logging
Adversaries may impair command history logging to hide commands they run on a compromised system. Various command interpreters keep track of the commands users type in their terminal so that users can retrace what they've done. On Linux and macOS, command history is tracked in a file pointed to by the environment variable <code>HISTFILE</code>. When a user logs off a system, this information is flushed to a file in the user's home directory called <code>~/.bash_history</code>. The <code>HISTCO...
ESXi, Linux, macOS, Network Devices, Windows
3 Detections
2 Sources
4 Threat Actors
BY SOURCE
2 splunk_escu, 1 sigma
PROCEDURES (2)
General Monitoring: 2 detections
Auto-extracted: 2 detections for general monitoring
Process Creation Monitoring: 1 detection
Auto-extracted: 1 detection for process creation monitoring