Revisions
hook-s3c created this gist
Nov 15, 2018
Logs are held by default in the user profile:

\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt

This directory also hosts per-application logs.

--------------------------------------------------------------

Disable logging...

Remove-Module PSReadline

Set-PSReadlineOption -HistorySavePath path
 - to change the default path of the log file

Set-PSReadlineOption -HistorySaveStyle SaveNothing
 - to disable the logging feature

Other:
- Get-Credential
- $variable = Read-Host -AsSecureString "mysecurestring"

--------------------------------------------------------------

Scrubbing:

del (Get-PSReadlineOption).HistorySavePath

--------------------------------------------------------------

Extracting logs with Python:

https://github.com/KalibRx/PoshHarvestPy

--------------------------------------------------------------

Sources...

https://twitter.com/DissectMalware/status/1062879286749773824
https://twitter.com/nikhil_mitt/status/1062382974744887296
https://twitter.com/DevinStokes/status/1062760239781408768
https://twitter.com/IISResetMe/status/1062594906626187264
https://blogs.msdn.microsoft.com/stevelasker/2016/03/25/clear-history-powershell-doesnt-clear-the-history-3/
https://0xdf.gitlab.io/2018/11/08/powershell-history-file.html
https://yunolikerobots.com/blog/f/log-everything-right
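For the defender's side of these notes, here is an added example (not part of the original gist) that flags the PSReadline history changes listed above in command text collected from whatever command logging is in place. The rule names, the `detect` and `triage` helpers and the sample lines are constructed for illustration.

```python
import re

# PowerShell also accepts Unicode dashes as a parameter prefix (the gist's own
# SaveNothing line was typed with an en dash), so fold them to "-" first.
_DASHES = str.maketrans({"\u2013": "-", "\u2014": "-", "\u2015": "-"})

# One rule per action listed in the notes. Parameter names are matched by
# unambiguous prefix (-HistorySaveS..., -HistorySaveP...) because PowerShell
# accepts abbreviated parameter names; common aliases are included.
RULES = {
    "psreadline_unloaded": re.compile(
        r"\b(remove-module|rmo)\s+(-name\s+)?['\"]?psreadline", re.I),
    "history_disabled": re.compile(
        r"\bset-psreadlineoption\b.*-historysaves\w*[\s:]+['\"]?savenothing", re.I),
    "history_path_changed": re.compile(
        r"\bset-psreadlineoption\b.*-historysavep\w*[\s:]+\S", re.I),
    "history_file_deleted": re.compile(
        r"\b(del|erase|rm|rd|ri|remove-item|clear-content|clc)\b.*"
        r"(\.historysavepath|consolehost_history\.txt)", re.I),
}

def detect(command):
    """Return the names of all rules that match one command line."""
    text = command.translate(_DASHES)
    return [name for name, rx in RULES.items() if rx.search(text)]

def triage(lines):
    """Return (line_number, command, rules) for every matching line."""
    hits = []
    for n, line in enumerate(lines, 1):
        rules = detect(line)
        if rules:
            hits.append((n, line, rules))
    return hits

# Constructed sample input: benign commands mixed with the ones from the notes.
SAMPLE = [
    "Get-ChildItem C:\\Users",
    "remove-module psreadline",
    "Set-PSReadlineOption \u2013HistorySaveStyle SaveNothing",
    "Set-PSReadLineOption -HistorySavePath C:\\Temp\\h.txt",
    "del (Get-PSReadlineOption).HistorySavePath",
    "Get-Content (Get-PSReadlineOption).HistorySavePath",
    "$cred = Get-Credential",
]

if __name__ == "__main__":
    for n, line, rules in triage(SAMPLE):
        print(f"line {n}: {', '.join(rules)}: {line}")
```

A match is a lead to review in context, not a verdict: changing the history path, for example, can be a legitimate profile setting.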