"-> windows -> powershell -> operational the following screenshot was taken after establishing a powershell empire session on a remote system. in the process, many different script block log entries were created showing important detailed information on all of the different scr…"
T1059.001 PowerShell
93%
"transcript of every single powershell session with input and output data. the transcripts are written to individual files with a naming convention that prevents name collisions. it is important to note that transcription only records what appears in the powershell terminal window…"
T1059.001 PowerShell
74%
"powershell logging for the blue team powershell logging for the blue team joff thyer / / it is no secret that powershell is increasingly being used as an offensive tool for attack purposes by both red teamers and criminals alike. thanks to the efforts of a number of people in the…"
T1654 Log Enumeration
37%
"using windows 10, then the windows management framework is already installed at version 5.0. for those organizations still at windows 7, it is advisable to upgrade all workstations to wmf version 5.0 bring powershell also up to version 5. in addition, windows 7 has a dependency…"
T1685.001 Disable or Modify Windows Event Log
33%
Summary
Joff Thyer // It is no secret that PowerShell is increasingly being used as an offensive tool for attack purposes by both Red Teamers and Criminals alike. Thanks to […]