T1154

The trap command allows programs and shells to specify commands that will be executed upon receiving interrupt signals. Adversaries can use this to register code to be executed when the shell encounters specific interrupts.

Adding it as PBA:
- LINUX: use trap for SIGINT (ctrl+c), send signal, "untrap" the signal
- WINDOWS: not applicable

Mapping the technique to the ATT&CK matrix