T1156

~/.bash_profile and ~/.bashrc are shell scripts that are executed in a user's context when a new shell is opened or when a user logs in so that their environment is set correctly. Adversaries may abuse these shell scripts by adding arbitrary commands that may be used to execute other binaries to gain persistence. Every time the user logs in or opens a new shell, the modified ~/.bash_profile and/or ~/.bashrc scripts will be executed.

Adding it as a PBA:
- LINUX: attempt to add some command (will be commented) to .bash_profile and .bashrc by echo-ing it into the file, and then removing it using sed
- WINDOWS: do the same for profile files in Powershell (refer to this) T1504

Mapping the technique to the ATT&CK matrix