PowerShell Logging Disabled Via Registry Key Tampering (fecfd1a1-cc78-4313-a1ea-2ee2e8ec27a7)

Detects changes to the registry for the currently logged-in user that are made in order to disable PowerShell module logging, script block logging, or transcription and script execution logging.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| PowerShell Logging Disabled Via Registry Key Tampering (fecfd1a1-cc78-4313-a1ea-2ee2e8ec27a7) | Sigma-Rules | Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) | Attack Pattern | 1 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) | Attack Pattern | Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) | Attack Pattern | 2 |