Obfuscated Deactivation of Script Block Logging, (Fri, Feb 10th)

PowerShell has a great built-in feature called “Script Block Logging”[1]. It helps to record all activities performed by a script and is a goldmine for incident handlers. That’s the reason why attackers tend to try to disable this feature. There are many ways to achieve this, but I found an interesting one.

Article Link: https://isc.sans.edu/diary/rss/29538

Deja un comentario

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *

Generated by Feedzy