PowerShell History Breadcrumb
This breadcrumb injects a reference to your Trapster honeypot into the PowerShell command history.
Attackers often review PowerShell history while performing post-exploitation reconnaissance. When they encounter this entry, they may attempt to reuse the referenced credentials or connect to the listed IP address, which will immediately trigger a Trapster alert.
Usage
- Grant execution permissions to the breadcrumb file:

```bash
chmod +x <file_name>
```

- Execute the file to inject the breadcrumb into the PowerShell history:

```bash
./<file_name>
```

- A command including the IP address of your Trapster will be injected into the history. Example injected command:

```bash
wget --user=testing --password=D9T2KcyzM http://192.168.56.105/Payroll_Q1.csv
```

That's it!
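To confirm the injection, the added example below (not part of Trapster's own tooling) scans a PowerShell history file for entries whose URL host is exactly the Trapster IP and reports the line number, decoy user and URL. The function name `find_breadcrumb`, the sample history, and the use of PSReadLine's default Linux/macOS history path as the injection target are assumptions.

```shell
#!/bin/sh
# Added example: audit a PowerShell history file for the Trapster breadcrumb.
# Assumption: the breadcrumb lands in PSReadLine's default history file
# (Linux/macOS location shown; pass another path as the second argument).
HISTORY_DEFAULT="${HOME}/.local/share/powershell/PSReadLine/ConsoleHost_history.txt"

# find_breadcrumb <trapster_ip> [history_file]
# Prints "line<TAB>user<TAB>url" for every history entry whose URL host equals
# the Trapster IP. The decoy password is deliberately not echoed.
# Returns 0 if at least one entry was found, 1 if none, 2 if unreadable.
find_breadcrumb() {
  fb_ip="$1"
  fb_file="${2:-$HISTORY_DEFAULT}"
  if [ ! -r "$fb_file" ]; then
    echo "history file not readable: $fb_file" >&2
    return 2
  fi
  awk -v ip="$fb_ip" '
    {
      user = ""; url = ""
      for (i = 1; i <= NF; i++) {
        if (index($i, "--user=") == 1) user = substr($i, 8)
        if ($i ~ "^https?://")        url  = $i
      }
      if (url == "") next
      # Compare the host as an exact string so 192.168.56.105 does not
      # also match 192.168.56.1050 or a dotted-regex lookalike.
      host = url
      sub("^https?://", "", host)
      sub("[/:].*$", "", host)
      if (host == ip) { printf "%d\t%s\t%s\n", NR, user, url; found = 1 }
    }
    END { exit found ? 0 : 1 }
  ' "$fb_file"
}

# Constructed sample history containing the example command from this page.
sample="$(mktemp)"
printf '%s\n' \
  'Get-ChildItem' \
  'wget --user=testing --password=D9T2KcyzM http://192.168.56.105/Payroll_Q1.csv' \
  'Get-Process' > "$sample"

find_breadcrumb 192.168.56.105 "$sample"
```

Running the function with only the IP argument checks the current user's default history file instead of the sample.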
