mgeeky / Stracciatella

OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup
GNU General Public License v3.0

Bug: script block logging bypass not working #4

Open williamknows opened 3 years ago

williamknows commented 3 years ago

Config:

The script block logging bypass used no longer appears to work. I'm seeing a lot of 4104 logs for executed commands.

mgeeky commented 3 years ago

Damn, that's unfortunate. I'll look into this as soon as I find a spare minute.

Thanks for this issue report. Will keep it open until I address it.

Regards, Mariusz.

S3cur3Th1sSh1t commented 3 years ago

There was a patch for the first bypass. It’s written down here:

https://cobbr.io/ScriptBlock-Logging-Bypass.html

https://gist.github.com/cobbr/d8072d730b24fbae6ffe3aed8ca9c407

It was changed somewhere around November 2017. I got the gist's bypass working two days ago ;-)

mgeeky commented 3 years ago

Thanks @S3cur3Th1sSh1t for your heads-up! Makes it way easier to fix that one. Will try to hunt it down in a matter of days.

Cheers Mate! Mariusz.

ghost commented 2 years ago

stracciatella-remote doesn't seem to work, the command still executes on localhost though.

stracciatella-remote -v remote ip address + pipe name + command, here's the syntax I used, weird it still executes on localhost. Any help? :) thx

mgeeky commented 2 years ago

This issue with Script Block Logging should be now addressed in the latest version. :)

Let me know if problem remains.