{
	"id": "a36bf17f-a1aa-4f58-82b9-0fef870e7c59",
	"created_at": "2026-04-06T00:21:13.371748Z",
	"updated_at": "2026-04-10T13:12:29.905666Z",
	"deleted_at": null,
	"sha1_hash": "f53160cd72c67b818cc426cf9ac5ee901630f36c",
	"title": "Disable Windows Event Logging | Red Team Notes 2.0",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 42749,
	"plain_text": "Disable Windows Event Logging | Red Team Notes 2.0\r\nPublished: 2021-01-23 · Archived: 2026-04-05 20:43:07 UTC\r\nDisable Windows Event Logging\r\nAdversaries may disable Windows event logging to limit data that can be leveraged for detections and audits. Windows event logs record user and system activity such as login attempts, process creation, and much more. This data is used by security tools and analysts to generate detections.\r\nAdversaries may target system-wide logging or just that of a particular application. By disabling Windows event logging, adversaries can operate while leaving less evidence of a compromise behind.\r\nExample:\r\nWe can also disable the eventlog service from the workstation. This can be done with PowerShell, but we will need to apply the -Force flag since this service has other services that depend on it.\r\nWe can confirm it with CMD as well, and we see that it is unable to start since the service is also disabled, besides being stopped.\r\nSetting it back to how it was is simple.\r\nAfter a restart, everything is back to normal. As we can see, this is a great method to hide our tracks and the progress made in an environment; APTs have a use for these techniques to evade defenses.\r\nLast updated 5 years ago\r\nSource: https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team-techniques/defense-evasion/t1562-impair-defenses/disable-windows-event-logging",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team-techniques/defense-evasion/t1562-impair-defenses/disable-windows-event-logging"
	],
	"report_names": [
		"disable-windows-event-logging"
	],
	"threat_actors": [],
	"ts_created_at": 1775434873,
	"ts_updated_at": 1775826749,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f53160cd72c67b818cc426cf9ac5ee901630f36c.pdf",
		"text": "https://archive.orkl.eu/f53160cd72c67b818cc426cf9ac5ee901630f36c.txt",
		"img": "https://archive.orkl.eu/f53160cd72c67b818cc426cf9ac5ee901630f36c.jpg"
	}
}