Iron Castle Systems

Skip to content

VMware
AWS
Powershell
Security
Projects
Misc.
Client Access
About

Search for:

Obfuscated Deactivation of Script Block Logging, (Fri, Feb 10th)

February 10, 2023 David Leave a comment

This post was originally published on this site

PowerShell has a great built-in feature called "Script Block Logging"[1]. It helps to record all activities performed by a script and is a goldmine for incident handlers. That's the reason why attackers tend to try to disable this feature. There are many ways to achieve this, but I found an interesting one.

Post navigation

Previous PostAA23-039A: ESXiArgs Ransomware Virtual Machine Recovery Guidance Next PostPCAP Data Analysis with Zeek, (Sun, Feb 12th)

Leave a Reply Cancel reply

You must be logged in to post a comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

VMware

SSO login issue and Event logs querying taking too long time September 23, 2023
VC-7.0 Certificate issue September 23, 2023
Disk Consilidation VM after consolidation VM not able to power on September 23, 2023
vROPs web UI not working(Too many redirection error) September 23, 2023
Routing for vMotion on default stack supported? September 23, 2023

SANS Security

ISC Stormcast For Friday, September 22nd, 2023 https://isc.sans.edu/podcastdetail/8670, (Fri, Sep 22nd) September 22, 2023
Apple Patches Three New 0-Day Vulnerabilities Affecting iOS/iPadOS/watchOS/macOS, (Thu, Sep 21st) September 21, 2023
ISC Stormcast For Thursday, September 21st, 2023 https://isc.sans.edu/podcastdetail/8668, (Thu, Sep 21st) September 21, 2023
What's Normal? DNS TTL Values, (Wed, Sep 20th) September 20, 2023
ISC Stormcast For Wednesday, September 20th, 2023 https://isc.sans.edu/podcastdetail/8666, (Wed, Sep 20th) September 20, 2023

AWS

New – Add Your Swift Packages to AWS CodeArtifact September 20, 2023
New – Amazon EC2 M2 Pro Mac Instances Built on Apple Silicon M2 Pro Mac Mini Computers September 19, 2023
New – NVMe Reservations for Amazon Elastic Block Store io2 Volumes September 19, 2023
AWS Weekly Roundup: C7i Instances, Knowledge Base for Amazon Bedrock, and More (Sept. 18, 2023) September 18, 2023
Preview – Connect Foundation Models to Your Company Data Sources with Agents for Amazon Bedrock September 13, 2023

Microsoft

Announcing Microsoft Copilot, your everyday AI companion September 21, 2023
Microsoft expands partnership with Oracle to bring customers’ mission-critical database workloads to Azure September 14, 2023
Microsoft and Epic expand AI collaboration to accelerate generative AI’s impact in healthcare, addressing the industry’s most pressing needs August 22, 2023
Microsoft solutions boost Fortune 500 frontline productivity with next-generation AI August 9, 2023
The future of business is here: How industries are unlocking AI innovation and greater value with the Microsoft Cloud July 24, 2023

Iron Castle Systems

Tag Cloud

AWS
Microsoft
Powershell
SANS
Security
Virtualization
VMware

Recent Posts

Scanning for Laravel – a PHP Framework for Web Artisants, (Sat, Sep 23rd) September 23, 2023
Apple Patches Three New 0-Day Vulnerabilities Affecting iOS/iPadOS/watchOS/macOS, (Thu, Sep 21st) September 21, 2023
New – Add Your Swift Packages to AWS CodeArtifact September 20, 2023
PowerShellGet 3.0.22-beta22 is now available September 20, 2023
What's Normal? DNS TTL Values, (Wed, Sep 20th) September 20, 2023

Archives

Iron Castle System info@ironcastle.net Proudly powered by WordPress Theme - twentyfourteen

Manage Cookie Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage vendors Read more about these purposes

View preferences

{title} {title} {title}