Abdullah AlZahrani

PSReadLine History

The PSReadLine history tracks the commands used in all PowerShell sessions. The history is written to a central file per host. That history file is available to all sessions and contains all past hist

Last updated 3 years ago

While writing my C2, I found a trick to avoid saving the commands entered during a PowerShell session to the PSReadLine history file.

By default, PSReadLine in Windows 10 (Windows PowerShell 5.1) keeps the last 4096 commands, the value of its MaximumHistoryCount option.

File located in: %userprofile%\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt (the path actually in use is reported by (Get-PSReadLineOption).HistorySavePath).

So, let's run this simple one-liner at the PowerShell prompt:

while ($true) {$cmdInput = Read-Host -Prompt 'PS> '; Invoke-Expression -Command $cmdInput}

Once the loop is running, each command typed at its nested PS> prompt is executed by Invoke-Expression without being written to “ConsoleHost_history.txt”.

PoC

In the screenshot below, only the commands circled in red, the ones typed at the regular PowerShell prompt, were recorded in the PSReadLine file; everything typed at the nested PS> prompt is absent.

What Happened

It's about which reader the command goes through, not simply the "order of commands".

The documentation says that "commands are added to the history when the command finishes executing, not when the command is entered". That rule holds for PowerShell's session history, the list that Get-History returns, which is why the still-running while loop never shows up there.

The PSReadLine file is a separate store. PSReadLine only sees what you type at the interactive PowerShell prompt (the console host hands that read to PSReadLine's PSConsoleHostReadLine function), and with the default HistorySaveStyle of SaveIncrementally it appends the accepted line to ConsoleHost_history.txt the moment you press Enter. So the while loop itself is recorded, as a single line, but nothing inside it is: Read-Host reads through the host's plain $Host.UI.ReadLine(), which bypasses PSReadLine entirely, and Invoke-Expression executes the string without it ever being a command line that PSReadLine accepted.

Closing Note

Even though the PSReadLine file stays clean, the commands the loop executes are still visible in the Event Viewer: with Script Block Logging enabled (Microsoft-Windows-PowerShell/Operational, event ID 4104), every script block that Invoke-Expression compiles is logged, and PowerShell 5 writes blocks it considers suspicious there even when the policy is off.

The quoted behaviour is described in the Microsoft documentation.
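The following is an added example written for this page, not code from the original post, that turns the two points above (what the PSReadLine file does and does not hold, and where the executed commands still show up) into a check a defender can run. It parses the PSReadLine history file (PSReadLine stores a multi-line command with a trailing backtick on every line but the last), flags entries that feed Read-Host input into Invoke-Expression, reports whether Script Block Logging is enabled by policy, and pulls the 4104 events that would contain what such a loop actually ran. The function names, the regex and the sample history entries are assumptions of this example (the sample is constructed, not a real capture), as is the 4104 EventData layout it relies on, where the third field is the script text and the fifth is the originating file path.

```powershell
# Added example for this page (not code from the original post): hunt for the
# Read-Host/Invoke-Expression loop in the PSReadLine history file and confirm
# whether Script Block Logging would have captured what the loop executed.
# Function names, the regex and the sample history below are assumptions of
# this example, not part of PSReadLine or the post.

# PSReadLine reports where it writes history; fall back to the default path
# quoted in the post if the module is not loaded in this session.
function Get-PSReadLineHistoryPath {
    $opt = Get-PSReadLineOption -ErrorAction SilentlyContinue
    if ($opt -and $opt.HistorySavePath) { return $opt.HistorySavePath }
    return Join-Path $env:APPDATA 'Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt'
}

# One command per line; a multi-line command is stored with a trailing backtick
# on every line but the last. Re-join those so a regex sees the whole command.
function Read-PSReadLineHistory {
    param([string[]]$Lines)
    $entries = New-Object System.Collections.Generic.List[string]
    $buffer = ''
    foreach ($line in $Lines) {
        if ($line.EndsWith('`')) {
            $buffer += $line.Substring(0, $line.Length - 1) + "`n"
        } else {
            $entries.Add($buffer + $line)
            $buffer = ''
        }
    }
    if ($buffer) { $entries.Add($buffer.TrimEnd("`n")) }
    return ,$entries.ToArray()
}

# A loop that reads input with Read-Host (or $Host.UI.ReadLine()) and hands it
# to Invoke-Expression/iex: the loop line is logged, what it runs is not.
function Find-HistoryEvasionLoop {
    param([string[]]$Entries)
    $pattern = '(?is)\b(while|foreach|for|do)\b.*(Read-Host|\.ReadLine\(\)).*(Invoke-Expression|\biex\b)'
    return @($Entries | Where-Object { $_ -match $pattern })
}

# Script Block Logging is off unless policy turns it on; without it only the
# blocks PowerShell itself deems suspicious reach event ID 4104.
function Test-ScriptBlockLogging {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    $v = Get-ItemProperty -Path $key -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue
    return [bool]($v -and $v.EnableScriptBlockLogging -eq 1)
}

# 4104 events whose script block came from no file (Path field empty) are
# dynamically compiled code, which is exactly what Invoke-Expression produces.
# Assumption: EventData field 3 is ScriptBlockText and field 5 is Path.
function Get-DynamicScriptBlockEvents {
    param([int]$MaxEvents = 200)
    Get-WinEvent -FilterHashtable @{LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104} `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Where-Object { -not $_.Properties[4].Value } |
        Select-Object TimeCreated, @{n = 'ScriptBlock'; e = { $_.Properties[2].Value }}
}

# --- Constructed sample history (not a real capture) so the parser runs offline.
$sampleHistory = @(
    'Get-Process | Sort-Object CPU -Descending | Select-Object -First 5',
    'while ($true) {$cmdInput = Read-Host -Prompt ''PS> ''; Invoke-Expression -Command $cmdInput}',
    'foreach ($h in $hosts) {`',
    '    $c = Read-Host "cmd"; iex $c`',
    '}',
    'Get-ChildItem C:\Temp'
)

$entries = Read-PSReadLineHistory -Lines $sampleHistory
$hits    = @(Find-HistoryEvasionLoop -Entries $entries)
"Sample: $($entries.Count) entries parsed, $($hits.Count) flagged"
$hits | ForEach-Object { '  FLAGGED: ' + ($_ -replace "`n", ' ') }

# Same checks against this host's live history file and event log.
$path = Get-PSReadLineHistoryPath
if (Test-Path $path) {
    $live = Read-PSReadLineHistory -Lines (Get-Content $path)
    $liveHits = @(Find-HistoryEvasionLoop -Entries $live)
    "Live: $path has $($live.Count) entries, $($liveHits.Count) flagged"
}
"Script Block Logging enabled by policy: $(Test-ScriptBlockLogging)"
Get-DynamicScriptBlockEvents -MaxEvents 200 | Format-Table -AutoSize -Wrap
```

On the constructed sample the parser yields four entries (the three backtick-continued lines collapse into one foreach command) and flags two of them: the one-liner from this post and the foreach variant. Reading the Microsoft-Windows-PowerShell/Operational log needs an elevated session on most hosts; the parsing and the policy check work as a normal user, and the history file of another account is only readable if you can open that user's AppData folder.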