Threats based on Clipboards actions (+ KQL Query)
ID: 0e5a9444-8073-5119-ba0d-935ee993fa9f
STIX ID: report--0e5a9444-8073-5119-ba0d-935ee993fa9f
Feed Name: Detect FYI
The report demonstrates how Windows Clipboard History and a small PowerShell/CMD script can be used to continuously log clipboard contents (text, images, tokens), posing a risk of credential and data exposure. It includes a proof-of-concept script, discusses attacker misuse (exfiltration scenarios), and recommends detection and enforcement controls via EDR alerts and Group Policy.
