1. Home
  2. Techniques
  3. Enterprise
  4. Unsecured Credentials
  5. Shell History

Unsecured Credentials: Shell History

ID Name
ATAGS-T1126.001 Chat Messages
ATAGS-T1126.002 Cloud Instance Metadata API
ATAGS-T1126.003 Container API
ATAGS-T1126.004 Credentials In Files
ATAGS-T1126.005 Credentials in Registry
ATAGS-T1126.006 Group Policy Preferences
ATAGS-T1126.007 Private Keys
ATAGS-T1126.008 Shell History

Threat Actors may search the command history on compromised systems for insecurely stored credentials.

ID: ATAGS-T1126.008
Sub-technique of:  ATAGS-T1126
Tactic: Credential Access
Targeted Components: Mission, Personnel & Identity
Responsibility: Shared
Created: 18 April 2026
Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.