search
githubEdit

square-terminalReading Clipboard Data via Powershell

hashtag
Clipboard Data

Adversaries may collect data stored in the clipboard from users copying information within or between applications.

For example, on Windows adversaries can access clipboard data by using clip.exe or Get-Clipboard.[1]arrow-up-right[2]arrow-up-right[3]arrow-up-right Additionally, adversaries may monitor then replace users’ clipboard with their data (e.g., Transmitted Data Manipulationarrow-up-right).[4]arrow-up-right

macOS and Linux also have commands, such as pbpaste, to grab clipboard contents.[5]arrow-up-right

circle-check

ID: T1115Sub-techniques: No sub-techniques

ⓘTactic: Collectionarrow-up-right

ⓘPlatforms: Linux, Windows, macOSVersion: 1.2

Created: 31 May 2017

Last Modified: 14 April 2023

hashtag
Commands

Windows

  • clip

  • echo "New Clipboard Text" | clip

  • Get-Clipboard

macOS

  • pbpaste

Linux

  • xclip -o

  • echo "New Clipboard Text" | xclip

  • xsel --clipboard --output

  • echo "New Clipboard Text" | xsel --clipboard --input

hashtag
REFERENCES

PreviousThreat DetectionNextDetection of Windows Defender Tampering via Powershell

Last updated