Iron Castle Systems

Search

Skip to content

VMware
AWS
Powershell
Security
Projects
Misc.
Client Access
About

Search for:

Obfuscated Deactivation of Script Block Logging, (Fri, Feb 10th)

February 10, 2023 David Leave a comment

This post was originally published on this site

PowerShell has a great built-in feature called "Script Block Logging"[1]. It helps to record all activities performed by a script and is a goldmine for incident handlers. That's the reason why attackers tend to try to disable this feature. There are many ways to achieve this, but I found an interesting one.

Post navigation

Previous PostA Backdoor with Smart Screenshot Capability, (Thu, Feb 9th)Next PostPCAP Data Analysis with Zeek, (Sun, Feb 12th)

Leave a Reply Cancel reply

You must be logged in to post a comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

VMware

Management ip address in ESXi 6/7 March 31, 2023
VMs per Datastore up-to-date considerations March 31, 2023
Original storage issue in ESXi 6.7 March 31, 2023
My ESXi 5.5 server keeps shutdown unexpectedly every time I reboot March 31, 2023
Errori di rete tra VM March 31, 2023

SANS Security

Use of X-Frame-Options and CSP frame-ancestors security headers on 1 million most popular domains, (Fri, Mar 31st) March 31, 2023
ISC Stormcast For Friday, March 31st, 2023 https://isc.sans.edu/podcastdetail.html?id=8434, (Fri, Mar 31st) March 31, 2023
Bypassing PowerShell Strong Obfuscation, (Thu, Mar 30th) March 30, 2023
ISC Stormcast For Thursday, March 30th, 2023 https://isc.sans.edu/podcastdetail.html?id=8432, (Thu, Mar 30th) March 30, 2023
Extracting Multiple Streams From OLE Files, (Wed, Mar 29th) March 29, 2023

AWS

New – Ready-to-use Models and Support for Custom Text and Image Classification Models in Amazon SageMaker Canvas March 31, 2023
Simplify Service-to-Service Connectivity, Security, and Monitoring with Amazon VPC Lattice – Now Generally Available March 31, 2023
Amazon GuardDuty Now Supports Amazon EKS Runtime Monitoring March 30, 2023
Announcing General Availability of Step-by-Step Guides for Amazon Connect Agent Workspace March 27, 2023
How French Broadcaster TF1 Used AWS Cloud Technology and Expertise to Bring the FIFA World Cup to Millions March 27, 2023

Microsoft

Introducing Microsoft Security Copilot: Empowering defenders at the speed of AI March 28, 2023
Microsoft creates new opportunities for partners through AI offerings and expansion of Microsoft Cloud Partner Program March 22, 2023
Create images with your words – Bing Image Creator comes to the new Bing March 21, 2023
Breaking new ground in healthcare with the next evolution of AI March 20, 2023
Prompts for communicators using the new AI-powered Bing March 16, 2023

Iron Castle Systems

Tag Cloud

AWS
Microsoft
Powershell
SANS
Security
Virtualization
VMware

Recent Posts

PowerShellGet 3.0 Preview 20 March 31, 2023
Simplify Service-to-Service Connectivity, Security, and Monitoring with Amazon VPC Lattice – Now Generally Available March 31, 2023
Use of X-Frame-Options and CSP frame-ancestors security headers on 1 million most popular domains, (Fri, Mar 31st) March 31, 2023
Amazon GuardDuty Now Supports Amazon EKS Runtime Monitoring March 30, 2023
Top 10 Most Popular Knowledge Articles for VMware HCX, SaaS, and EPG (Emerging Products Group) for March, 2023 March 30, 2023

Archives

Iron Castle System info@ironcastle.net Proudly powered by WordPress Theme - twentyfourteen

Manage Cookie Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage vendors Read more about these purposes

View preferences

{title} {title} {title}