The Attack-and-Defense Game Around PowerShell Event Logging
Common Information
Type Value
UUID 15d4b01e-0818-4266-a1d1-5fbce62e6dfc
Fingerprint ce57a7e6d3315961
Analysis status IN_PROGRESS
Considered CTI value 0
Text language
Published Dec. 1, 2018, midnight
Added to db Dec. 19, 2024, 2:58 p.m.
Last updated Dec. 21, 2024, 3:06 a.m.
Headline The Attack-and-Defense Game Around PowerShell Event Logging
Title The Attack-and-Defense Game Around PowerShell Event Logging
Detected Hints/Tags/Attributes 8/1/9
Source URLs
Attributes
Type                  #Events  Value
CVE                   8        cve-2018-8415
Domain                2        code.to
Domain                14       blogs.msdn.microsoft.com
Domain                6752     163.com
Github username       4        powershell
Url                   2        https://blogs.msdn.microsoft.com/powershell/2015/06/09/powershell-the-blue-team
Url                   1        https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8415
                               https://github.com/powershell/powershell/pull/8253
                               https://twitter.com/dissectmalware/status/1016462916059631616
Windows Registry Key  2        HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging
Windows Registry Key  2        HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging