The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

    • RT @aboutanurse: Patiënten die beademd zijn of langer dan 48 uur op onze IC liggen worden door ons gebeld om terug te komen op de nazorgpol… 13 minutes ago
    • RT @BeiAnja: Der Sechsjährige hat jetzt ein eigenes Handtuch, das er überall mit hinnimmt. Erwarte jetzt, dass er kurzfristig von der Erd… 17 minutes ago
    • RT @NPORadio2: Vijftig jaar oud beeldmateriaal vinden van @ledzeppelin, dat is nog eens een bijzondere ontdekking als je je schuur opruimt.… 23 minutes ago
    • RT @rki_de: #COVID19: Entlassungskriterien aus der Isolierung RKI empfiehlt ab sofort 14-tägige Isolierung und Testung vor Entisolierung v… 24 minutes ago
    • Reminder: check if LUMC Privacy Statement and Gebruiksvoorwaarden are printable or downloadable as PDF. wiert.me/2021/02/26/rem… 1 hour ago
  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,276 other followers

ρσℓα¢ķ͌͌͌͌͌͌͌͌͌͌͌͌͌͌ on Twitter : “The PowerShell console history file isn’t just useful for DFIR peeps, red team-ers should check it too! 4096 entries by default, here’s the path…”

Posted by jpluimers on 2020/01/15

Not sure why, but I checked a few of my systems and no  file at %userprofile%\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt

Heck: no ConsoleHost_history.txt files on those systems anywhere.

[WayBack] ρσℓα¢ķ͌͌͌͌͌͌͌͌͌͌͌͌͌͌ on Twitter : “The PowerShell console history file isn’t just useful for DFIR peeps, red team-ers should check it too! 4096 entries by default, here’s the path: %userprofile%\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt”

–jeroen

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

 
%d bloggers like this: