The Problem with PowerShell Logging Bypasses
Before we start talking about logging bypasses and why they generally suck at bypassing logs, I’ll provide a little context on PowerShell logging and ScriptBlocks.
PowerShell ScriptBlocks are collections of statements or expressions to be executed. A ScriptBlock is an object of type System.Management.Automation.ScriptBlock. It can be invoked directly, executed with the call operator (&), or run through the other usual PowerShell mechanisms. ScriptBlock Logging is a policy setting that records all script input and the processing of commands, script blocks, and functions.
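As an added example (not code from the original post), here is how a defender turns ScriptBlock Logging on through the policy registry key and then reads event 4104 back from the Microsoft-Windows-PowerShell/Operational log, reassembling the fragments that long script blocks are split into. The registry path, event ID and log name are the standard Windows values; the function names are my own.

```powershell
# Added example: enable ScriptBlock Logging, then read and reassemble 4104 events.
# Assumes an elevated session on Windows with PowerShell 5.1 or later.

function Enable-ScriptBlockLogging {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # 1 = log the text of every script block as it is compiled (event 4104)
    Set-ItemProperty -Path $key -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord
}

function Get-LoggedScriptBlock {
    param([int]$MaxEvents = 200)
    # 4104 = "Creating Scriptblock text (N of M)"; long blocks arrive as fragments
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue

    $fragments = foreach ($e in $events) {
        $x = [xml]$e.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time          = $e.TimeCreated
            ScriptBlockId = $d.ScriptBlockId
            Number        = [int]$d.MessageNumber
            Total         = [int]$d.MessageTotal
            Text          = $d.ScriptBlockText
            Path          = $d.Path
        }
    }
    # Reassemble each block from its numbered fragments so the full text is searchable
    $fragments | Group-Object ScriptBlockId | ForEach-Object {
        $parts = @($_.Group | Sort-Object Number)
        [pscustomobject]@{
            Time          = $parts[0].Time
            ScriptBlockId = $_.Name
            Complete      = ($parts.Count -eq $parts[0].Total)
            Path          = $parts[0].Path
            Text          = ($parts.Text -join '')
        }
    }
}

# Usage: create and run a script block, then confirm its text was captured.
Enable-ScriptBlockLogging
$sb = { param($n) [math]::Pow(2, $n) }     # a System.Management.Automation.ScriptBlock
& $sb 10 | Out-Null
Get-LoggedScriptBlock | Where-Object Text -like '*Pow(2, $n)*' | Format-List
```

Because the log records the script block text as it is compiled, the captured entry shows the code that actually ran, not the obfuscated form it may have been delivered in.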