PowerShell is a powerful and versatile tool for both Windows sysadmins and hackers, who use it to build malicious scripts that avoid detection. This advice will make it harder for them to do so.
Hikers living off the land survive in the wilderness on the food and water they find around them. In hacker parlance, "living off the land" means attackers cover their tracks by using only the tools and code that already exist on the targeted endpoints. This disguises their activity as common administrative tasks, so detection tools can't easily single it out. Welcome to the world of PowerShell-based attacks.
PowerShell has deep roots in both the DOS command line that shipped with the first IBM PCs in the 1980s and the .NET universe. It is now the default command shell packaged with the current Windows 10 release. PowerShell has been around for more than a decade in one form or another; it has come bundled with Windows since version 7 and now has Linux versions as well. That widespread availability can only encourage hackers to abuse it further in the future.
PowerShell is versatile, but dangerous
PowerShell is highly versatile: it can execute commands that directly examine and change particular Windows resources such as Registry objects, environment variables, Windows Management Instrumentation (WMI), and programs stored in memory. You can use it to administer Exchange functions and other Windows server tasks. It can also install scripts that execute at boot time, which makes it attractive to hackers who want their scripts to persist.
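As an added example (not code from the original article), the following PowerShell script audits the autorun registry keys that the boot-time persistence described above commonly relies on, and flags entries that launch PowerShell with switches often paired with hidden or encoded scripts. The key list and the indicator strings are my own assumptions, not a complete inventory.

```powershell
# Added example: audit classic autorun registry locations for entries that
# start PowerShell, and flag switches worth a second look. The key paths and
# indicator strings below are assumptions chosen for illustration.

$AutorunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Legitimate in many admin scripts, but unusual for something that runs at every logon.
$SuspiciousSwitches = @(
    '-enc', '-encodedcommand',
    '-w hidden', '-windowstyle hidden',
    '-nop', '-noprofile',
    '-ep bypass', '-executionpolicy bypass',
    'iex', 'downloadstring'
)

function Get-PowerShellAutoruns {
    foreach ($key in $AutorunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            # Only report entries that actually invoke powershell.exe or pwsh.exe
            if ($cmd -notmatch 'powershell(\.exe)?|pwsh(\.exe)?') { continue }

            # -match is case-insensitive by default; escape the literal switch text
            $hits = @($SuspiciousSwitches | Where-Object { $cmd -match [regex]::Escape($_) })
            $severity = if ($hits.Count -gt 0) { 'Review' } else { 'Info' }

            [pscustomobject]@{
                Key        = $key
                Name       = $name
                Command    = $cmd
                Indicators = ($hits -join ', ')
                Severity   = $severity
            }
        }
    }
}

# 'Review' rows are the ones to investigate first; 'Info' rows are
# PowerShell autoruns that used none of the flagged switches.
Get-PowerShellAutoruns | Sort-Object Severity | Format-Table -AutoSize -Wrap
```

Run it from an elevated session to see HKLM entries for all users; HKCU only covers the current account.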