Clipboard Data
https://attack.mitre.org/techniques/T1115/
ATT&CK ID: T1115
Permissions Required: User
Description
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
In Windows, Applications can access clipboard data by using the Windows API.
[Source]
Techniques
Empire
This module monitors the clipboard on a specified interval for changes to copied text.
Get-ClipboardContents
Get-ClipboardContents
monitors for information currently in the clipboard and anything that may be copied to the clipboard for the duration of the scripts execution time.
Metasploit
This Metasploit module can be loaded from the meterpreter shell.
PowerShell
The native PowerShell command Get-Clipboard
retrieves information that is currently stored in the clipboard.
Mitigations
Monitor executed commands and arguments to collect data stored in the clipboard from users copying information within or between applications.
Monitor API calls that could collect data stored in the clipboard from users copying information within or between applications.
Last updated