Greater Visibility Through PowerShell Logging | Mandiant
Tags
Common Information
Type | Value |
---|---|
UUID | 216d9714-6ca1-4753-88d7-4ed9ae37330e |
Fingerprint | 8457aeb7dd3548c0 |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Feb. 11, 2016, midnight |
Added to db | Nov. 6, 2023, 7:10 p.m. |
Last updated | Dec. 25, 2024, 1:26 p.m. |
Headline | Greater Visibility Through PowerShell Logging |
Title | Greater Visibility Through PowerShell Logging \| Mandiant |
Detected Hints/Tags/Attributes | 42/1/19 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 330 | ✔ | Threat Intelligence | https://www.mandiant.com/resources/blog/rss.xml | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 21 | | blogs.msdn.com |
Details | Domain | 4724 | | github.com |
Details | Domain | 147 | | archive.org |
Details | File | 1 | | windows-management-framework-wmf-4-0-update-now-available-for-windows-server-2012-windows-server-2008-r2-sp1-and-windows-7-sp1.aspx |
Details | File | 1 | | powershell-the-blue-team.aspx |
Details | File | 1 | | wp-lazanciyan-investigating-powershell-attacks.pdf |
Details | Github username | 1 | | matthewdunwoody |
Details | Microsoft Patch Numbers | 1 | | KB3000850 |
Details | Microsoft Patch Numbers | 1 | | KB3119938 |
Details | Microsoft Patch Numbers | 1 | | KB3109118 |
Details | Url | 1 | | http://blogs.msdn.com/b/powershell/archive/2016/01/19/windows-management-framework-wmf-4-0-update-now-available-for-windows-server-2012-windows-server-2008-r2-sp1-and-windows-7-sp1.aspx |
Details | Url | 1 | | http://blogs.msdn.com/b/powershell/archive/2015/06/09/powershell-the-blue-team.aspx |
Details | Url | 1 | | https://www.fireeye.com/content/dam/fireeye-www/global/en/solutions/pdfs/wp-lazanciyan-investigating-powershell-attacks.pdf |
Details | Url | 1 | | https://blogs.msdn.microsoft.com/powershell/2016/02/24/windows-management-framework-wmf-5-0-rtm-packages-has-been-republished |
Details | Url | 1 | | https://github.com/matthewdunwoody/block-parser |
Details | Url | 1 | | https://archive.org/details/no_easy_breach. |
Details | Windows Registry Key | 2 | | HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging |
Details | Windows Registry Key | 2 | | HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging |
Details | Windows Registry Key | 1 | | HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\Transcription |