PowerShell has a great built-in feature called “Script Block Logging”[1]. It helps to record all activities performed by a script and is a goldmine for incident handlers. That’s the reason why attackers tend to try to disable this feature. There are many ways to achieve this, but I found an interesting one.
Article Link: https://isc.sans.edu/diary/rss/29538