← Back to Explore
T1690
Prevent Command History Logging
Adversaries may impair command history logging to hide commands they run on a compromised system. Various command interpreters keep track of the commands users type in their terminal so that users can retrace what they have done. On Linux and macOS, command history is tracked in a file pointed to by the environment variable `HISTFILE`. When a user logs off a system, this information is flushed to a file in the user's home directory called `~/.bash_history`. The `HISTCONTROL` environment variabl...
ESXiLinuxmacOSNetwork DevicesWindows
3
Detections
2
Sources
4
Threat Actors
BY SOURCE
2splunk_escu1sigma
PROCEDURES (2)
Process Creation Monitoring1 detections
Auto-extracted: 1 detections for process creation monitoring
Process Creation Monitoring1 detections
Auto-extracted: 1 detections for process creation monitoring