Deobfuscation with PowerShell Logging
- by Vince
-
in Blog
-
Hits: 1058
There are a number of tools used for obfuscating PowerShell and one of the more famous tools, Invoke Obfuscation, I've written about a few times. But with PowerShell logging becoming more popular, I wonder why the bother to obfuscate. As far as I can tell, it no longer helps with evasion and if it's not captured in some form, what's the point?
To see what I'm talking about, we need to enable logging and script block logging: