From f091078622635844a07bc6104c9a2ca6c5e6cf31 Mon Sep 17 00:00:00 2001
From: tosu
Date: Thu, 13 Apr 2023 18:15:31 +0200
Subject: [PATCH 1/2] spy on pts's shell script
---
mon.sh | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100755 mon.sh
diff --git a/mon.sh b/mon.sh
new file mode 100755
index 0000000..23593ca
--- /dev/null
+++ b/mon.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+#Requires sudo, strace and GNU grep
+
+echo ""
+
+sudo strace \
+ -e trace=write \
+ -s 1000 \
+ -f \
+ $(ps u |
+ grep pts |
+ grep Ss |
+ grep -v grep |
+ awk '{print "-p " $2 " "}' |
+ xargs) \
+ 2>&1 |
+
+ grep \
+ --line-buffered \
+ -o '".*[^"]"' |
+
+ grep \
+ --line-buffered \
+ -o '[^"]*[^"]' |
+
+while IFS="" read -r char; do
+ printf '%b' "$char"
+done
+
+echo ""
From cc11aa9a2f78345b5b0078a95da2f39504b5d50a Mon Sep 17 00:00:00 2001
From: tosu
Date: Thu, 13 Apr 2023 18:16:04 +0200
Subject: [PATCH 2/2] Folder
---
mon.sh => blueteam_observability/mon.sh | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename mon.sh => blueteam_observability/mon.sh (100%)
diff --git a/mon.sh b/blueteam_observability/mon.sh
similarity index 100%
rename from mon.sh
rename to blueteam_observability/mon.sh
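Review bot: The closing loop in mon.sh, `printf '%b' "$char"`, decodes the bytes strace captured from the watched terminals and writes them raw to the operator's terminal, so any escape or control sequence produced in a monitored session is replayed on the observer's side. Rendering control characters visibly, for example by ending the loop with `done | cat -v`, or sending the stream to a file with restrictive permissions, would keep the capture readable without letting monitored output drive the monitoring terminal. The PID selection is also loose: `grep pts | grep Ss` matches those substrings anywhere in the `ps u` line, including the command column, so the sudo'd strace may attach to processes that are not pts session leaders. Matching on fields is tighter, e.g. `ps u | awk '$7 ~ /^pts\// && $8 ~ /^Ss/ {print "-p", $2}'` (assuming the procps `ps u` column layout). When nothing matches, strace is started with no `-p` at all and only its usage error reaches the grep pipeline, so an explicit empty-list check before the `sudo strace` call would help.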