[SANS ISC] PowerShell: ScriptBlock Logging… Or Not?

I published the following diary on isc.sans.org: “PowerShell: ScriptBlock Logging… Or Not?“:

Here is an interesting piece of PowerShell code which is executed from a Word document (SHA256: eecce8933177c96bd6bf88f7b03ef0cc7012c36801fd3d59afa065079c30a559). The document is a classic one. Nothing fancy, spit executes the macro and spawns a first PowerShell command… [Read more]

[The post [SANS ISC] PowerShell: ScriptBlock Logging… Or Not? has been first published on /dev/random]

Article Link: https://blog.rootshell.be/2018/06/19/sans-isc-powershell-scriptblock-logging-not/