Skip to content

Add "Trap" attack technique (T1154) #697

@shreyamalviya

Description

@shreyamalviya

T1154

The trap command allows programs and shells to specify commands that will be executed upon receiving interrupt signals. Adversaries can use this to register code to be executed when the shell encounters specific interrupts.

Adding it as PBA:
- LINUX: use trap for SIGINT (ctrl+c), send signal, "untrap" the signal
- WINDOWS: not applicable

Mapping the technique to the ATT&CK matrix

Metadata

Metadata

Assignees

Labels

FeatureIssue that describes a new feature to be implemented.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions