Adversaries may collect data stored in the Windows clipboard from users copying information within or between applications.===Windows===
Applications can access clipboard data by using the Windows API. (Citation: MSDN Clipboard)
===Mac===
OSX provides a native command,
pbpaste, to grab clipboard contents (Citation: Operating with EmPyre).Detection: Access to the clipboard is a legitimate function of many applications on a Windows system. If an organization chooses to monitor for this behavior, then the data will likely need to be correlated against other suspicious or non-user-driven activity.
Platforms: Linux, macOS, Windows
Data Sources: API monitoring
Add data to clipboard to copy off or execute commands from.
Supported Platforms: Windows
dir | clip
clip < readme.txt
Utilize PowerShell to echo a command to clipboard and execute it
Supported Platforms: Windows
echo Get-Process | clip
Get-Clipboard | iex