T1115 - Clipboard Data

Description from ATT&CK

Adversaries may collect data stored in the Windows clipboard from users copying information within or between applications.

Windows

Applications can access clipboard data by using the Windows API. (Citation: MSDN Clipboard)

Mac

OSX provides a native command, pbpaste, to grab clipboard contents (Citation: Operating with EmPyre).

Atomic Tests


Atomic Test #1 - Utilize Clipboard to store or execute commands from

Add data to the clipboard, either to copy it off or to execute commands from it.

Supported Platforms: Windows

Run it with command_prompt!

dir | clip
clip < readme.txt


Atomic Test #2 - PowerShell

Utilize PowerShell to echo a command to the clipboard and execute it.

Supported Platforms: Windows

Run it with powershell!

echo Get-Process | clip
Get-Clipboard | iex
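
Detection sketch for the two atomic tests above, as an added example that is not part of the Atomic Red Team project: it classifies command text by how it touches the clipboard and marks clipboard content piped into an interpreter. The function name, output fields and labels are hypothetical, and it assumes the command text has already been collected from process-creation or PowerShell script block logging.

```powershell
# Added example: classify command text by how it touches the clipboard.
# Patterns are derived from the two atomic tests on this page.
# Test-ClipboardUsage and its output fields are hypothetical names.
function Test-ClipboardUsage {
    param([Parameter(Mandatory)][string]$CommandText)

    # Write side: "| clip", "clip < file", or Set-Clipboard (Atomic Test #1 style)
    $write = $CommandText -match '(\|\s*clip(\.exe)?\b|^\s*clip(\.exe)?\s*<|\bSet-Clipboard\b)'

    # Read side: any use of Get-Clipboard
    $read = $CommandText -match '\bGet-Clipboard\b'

    # Clipboard content fed straight into an interpreter (Atomic Test #2 style)
    $exec = $CommandText -match '\bGet-Clipboard\b[^|]*\|\s*(iex|Invoke-Expression)\b'

    # Labels are illustrative; tune them to your own triage scheme
    $label = if ($exec) { 'ClipboardToExec' }
             elseif ($read -or $write) { 'ClipboardAccess' }
             else { 'None' }

    [pscustomobject]@{
        Label          = $label
        ClipboardWrite = $write
        ClipboardRead  = $read
        ClipboardExec  = $exec
        CommandText    = $CommandText
    }
}

# Constructed sample input: the four commands from this page plus one
# unrelated command that should not be flagged.
$samples = @(
    'dir | clip',
    'clip < readme.txt',
    'echo Get-Process | clip',
    'Get-Clipboard | iex',
    'Get-ChildItem C:\Temp'
)

$samples |
    ForEach-Object { Test-ClipboardUsage -CommandText $_ } |
    Where-Object Label -ne 'None' |
    Format-Table Label, ClipboardWrite, ClipboardRead, ClipboardExec, CommandText -AutoSize
```

Plain clipboard writes such as `dir | clip` are common in normal administration, so only the read-then-execute pattern gets its own label here.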
