Description
It seems that a user is running suspicious PowerShell scripts on his machine. Fortunately, logging is turned on on that machine and we were able to retrieve the PowerShell event log. Find out what has been sent to the attacker.
Files
- Microsoft-Windows-PowerShell%4Operational.evtx
68.00 KiB – 770b92f7c98ffb708c3e364753ee4bb569ccc810dd5891cbaf1363c2063ddd78
Author
ribt