Search Evasion Techniques
Names, Techniques, Definitions, Keywords
Search Result
1 item(s) found so far for this keyword.
Impair Defenses: Impair Command History Logging Defense Evasion [Mitre]
Adversaries may impair command history logging to hide commands they run on a compromised system. Various command interpreters keep track of the commands users type in their terminal so that users can retrace what they've done.
On Windows
The PSReadLine
module tracks commands used in all PowerShell sessions and writes them to a file ($env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt
by default).
Adversaries may change …