PowerShell has a great built-in feature called "Script Block Logging". It helps to record all activities performed by a script and is a goldmine for incident handlers. That's the reason why attackers tend to try to disable this feature. There are many ways to achieve this, but I found an interesting one.
Obfuscated Deactivation of Script Block Logging, (Fri, Feb 10th)
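Since disabling Script Block Logging is the attacker's goal described above, a defender can check that the policy is still set and that events keep arriving. The following is an added example, not code from the original post: the function name and the 24-hour lookback are assumptions, while the registry location is the standard Group Policy path and 4104 is the script block event ID in the PowerShell operational log.

```powershell
# Added example: audit Script Block Logging state on the local host (run elevated).
function Test-ScriptBlockLoggingHealth {
    [CmdletBinding()]
    param(
        [int]$LookbackHours = 24   # assumption: tune to how busy the host is
    )

    $subKey  = 'SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    $channel = 'Microsoft-Windows-PowerShell/Operational'

    # Read the policy value from both the machine and the user hive.
    $policy = foreach ($hive in 'HKLM', 'HKCU') {
        $path  = "${hive}:\$subKey"
        $value = $null
        if (Test-Path -LiteralPath $path) {
            $item  = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
            $value = $item.EnableScriptBlockLogging
        }
        [pscustomobject]@{ Hive = $hive; Value = $value }
    }
    $enabled  = $policy.Value -contains 1
    $disabled = $policy.Value -contains 0

    # The policy is useless if the event channel itself has been switched off.
    $log = Get-WinEvent -ListLog $channel -ErrorAction SilentlyContinue

    # Event ID 4104 carries the logged script block text; newest events come first.
    $events = @(Get-WinEvent -FilterHashtable @{
            LogName   = $channel
            Id        = 4104
            StartTime = (Get-Date).AddHours(-$LookbackHours)
        } -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        PolicyEnabled      = $enabled
        ExplicitlyDisabled = $disabled
        ChannelEnabled     = [bool]$log.IsEnabled
        Events4104         = $events.Count
        LatestEvent        = ($events | Select-Object -First 1).TimeCreated
        # Policy on but nothing logged, or policy/channel off: worth a closer look.
        NeedsReview        = (-not $enabled) -or $disabled -or
                             (-not $log.IsEnabled) -or ($events.Count -eq 0)
    }
}

Test-ScriptBlockLoggingHealth | Format-List
```

With the policy enabled, running this function normally produces a 4104 event of its own, so `Events4104` at zero alongside `PolicyEnabled` true is a sign that logging was turned off inside the session rather than through policy.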