SOLVED!
I’m stuck on the second question in this module. It wants me to replicate the unmanaged powershell attack however when I try to execute the code,
Import-Module .\Invoke-PSInject.ps1
Invoke-PSInject -ProcId [Process ID of spoolsv.exe] -PoshCode "V3JpdGUtSG9zdCAiSGVsbG8sIEd1cnU5OSEi"
I get errors in powershell and CMD. And I have changed the process ID to match as well. Not looking for the answer just a nudge.
Edit: I got the code to work finally and figured that out and I see that spoolsv is now in a managed state but I/m not seeing any logs for event ID 7.
Thanks!