Enumerate PowerShell logs for sensitive data with Seatbelt

Download Seatbelt and enumerate PowerShell script block logs (4104) with sensitive data.
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.


Test this TTP

Download Operator (1.7.1)
Test this TTP using one of our Operator chains
Is my host protected against Seatbelt?


Deploy Seatbelt to enumerate the local system.