infosecn1nja
/
atomic-red-team
mirror of https://github.com/infosecn1nja/atomic-red-team.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
atomic-red-team/Windows/Defense_Evasion/Indicator_Removal_on_Host.md

543 B
Raw Permalink Blame History

Indicator Removal on Host

MITRE ATT&CK Technique: T1070

Wevtutil

Clear system logs

wevtutil cl System

Clear Security logs

wevtutil cl Security

Clear Setup logs

wevtutil cl Setup

Clear Application logs

wevtutil cl Application

Stop event logs

Wevtutil.exe sl Security /e:false

Fsutil

Manages the update sequence number (USN) change journal, which provides a persistent log of all changes made to files on the volume.

fsutil usn deletejournal /D C: