{
  "version": "https://jsonfeed.org/version/1.1",
  "title": "powershellmanager",
  "home_page_url": "https://evotec.xyz/es/tags/powershellmanager",
  "feed_url": "https://evotec.xyz/es/tags/powershellmanager/index.feed.json",
  "description": "Evotec Main Website",
  "items": [
    {
      "id": "https://evotec.xyz/es/blog/restoring-recovering-powershell-scripts-from-event-logs",
      "url": "https://evotec.xyz/es/blog/restoring-recovering-powershell-scripts-from-event-logs",
      "title": "Restoring (Recovering) PowerShell Scripts from Event Logs",
      "summary": "A few days ago, I was asked to take a look at PowerShell malware. While I don\u2019t know much about malware, my curiosity didn\u2019t let me pass up the occasion, and I was handed a WindowsPowerShell.evtx file. OK, that\u2019s not what I expected! I wanted PowerShell .ps1 files that I could read and assess. Well, you play the cards you were dealt. What I was handed was a PowerShell event log. PowerShell writes whatever you execute that it considers risky to the Windows PowerShell Operational event log.",
      "date_published": "2020-08-28T15:39:28.0000000Z",
      "tags": [
        "event log",
        "get-events",
        "powershell",
        "powershellmanager",
        "pseventviewer",
        "Windows"
      ]
    }
  ]
}