Obfuscated Deactivation of Script Block Logging, (Fri, Feb 10th)

This post was originally published on this site

PowerShell has a great built-in feature called "Script Block Logging"[1]. It helps to record all activities performed by a script and is a goldmine for incident handlers. That's the reason why attackers tend to try to disable this feature. There are many ways to achieve this, but I found an interesting one.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.