- Rekt Stack win10 Pro Logging VM Setup
- 1. Local Group Policy
- computer configuration -> policies -> windows settings -> security settings -> local policies -> ENABLE ALL
- 2. Enable FORCE Advanced Audit
- computer configuration -> policies -> security settings -> local policies -> security options
- 3. Increase Logs
- WevtUtil sl "Windows PowerShell" /ms:256000100
- WevtUtil sl "System" /ms:256000100
- WevtUtil sl "Application" /ms:256000100
- 4. Enable Command line logging
- open cmd prompt as Administrator
- reg add "hklm\software\microsoft\windows\currentversion\policies\system\audit" /v ProcessCreationIncludeCmdLine_Enabled /t REG_DWORD /d 1
- 5. Add PowerShell profile
- open notepad as admin.
- paste
- $LogCommandHealthEvent = $true
- $LogCommandLifecycleEvent = $true
- save in
- c:\windows\system32\WindowsPowerShell\v1.0\
- as
- profile.ps1
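To confirm that steps 3-5 took effect, a check like the following can be run from an elevated PowerShell prompt on the VM. It is an added example, not part of the original paste; the 64 KB tolerance on log size is an assumption about how the event log service rounds the configured value.

```powershell
# Added verification example (not from the original paste). Run elevated.
$results = @()

# Step 3: maximum log size. The expected value is the /ms argument used above.
# Assumption: the event log service may round the size to a 64 KB boundary,
# so a difference below 64 KB is accepted.
$expectedMaxSize = 256000100
foreach ($logName in 'Windows PowerShell', 'System', 'Application') {
    $cfg = Get-WinEvent -ListLog $logName -ErrorAction Stop
    $results += [pscustomobject]@{
        Check  = "Max size of '$logName' log"
        Actual = $cfg.MaximumSizeInBytes
        Pass   = [math]::Abs($cfg.MaximumSizeInBytes - $expectedMaxSize) -lt 64KB
    }
}

# Step 4: command line included in process creation events.
$key       = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
$valueName = 'ProcessCreationIncludeCmdLine_Enabled'
$prop      = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
$actual    = if ($prop) { $prop.$valueName } else { '(not set)' }
$results  += [pscustomobject]@{
    Check  = $valueName
    Actual = $actual
    Pass   = ($null -ne $prop -and $prop.$valueName -eq 1)
}

# Step 5: the machine-wide profile assigns $true to both logging variables.
$profilePath = 'C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1'
$profileText = if (Test-Path $profilePath) { Get-Content $profilePath -Raw } else { '' }
foreach ($var in 'LogCommandHealthEvent', 'LogCommandLifecycleEvent') {
    $found    = $profileText -match "(?m)^\s*\`$${var}\s*=\s*\`$true"
    $results += [pscustomobject]@{
        Check  = "profile.ps1 sets `$${var}"
        Actual = $found
        Pass   = $found
    }
}

$results | Format-Table -AutoSize

# Steps 1-2: print the effective audit policy for manual review.
auditpol /get /category:*
```

Any row with Pass = False points back to the numbered step that needs to be repeated.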