JosephKing 3 Posted April 29, 2022 Share Posted April 29, 2022 I wanted to share some resources about PowerShell logs for anyone unfamiliar with enabling Scriptblock logging. Run>gpedit.msc. > User Configuration\Administrative Templates\Windows Components\Windows Powershell\Turn on Powershell Script Block Logging,Transcription https://nsfocusglobal.com/Attack-and-Defense-Around-PowerShell-Event-Logging/#:~:text=1 EID 400: The engine status is changed,status is changed from Available to Stopped. https://adamtheautomator.com/powershell-logging-2/https://github.com/littl3field Link to comment Share on other sites More sharing options...
Recommended Posts