Skip to content

Hide Navigation Hide TOC

Potential PowerShell Console History Access Attempt via History File (f4ff7323-b5fc-4323-8b52-6b9408e15788)

Detects potential access attempts to the PowerShell console history directly via history file (ConsoleHost_history.txt). This can give access to plaintext passwords used in PowerShell commands or used for general reconnaissance.

Cluster A Galaxy A Cluster B Galaxy B Level
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern Potential PowerShell Console History Access Attempt via History File (f4ff7323-b5fc-4323-8b52-6b9408e15788) Sigma-Rules 1
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 2