Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
|
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Low |
Description
Attackers may access the bash history file to glean cleartext usernames and passwords that were entered on the command line.
Attacker's Goals
Adversaries may search the bash history file to search for insecurely stored credentials.
Investigative actions
Investigate the process activities and use of the extracted credentials.