A Story About Blocking PowerShell
Main Author: | Michael Schneider |
---|---|
Other Authors: | Marc Ruef |
Format: | Article eJournal |
Language: | eng |
Published: | 2015 |
Subjects: | |
Online Access: | https://zenodo.org/record/3521447 |
Table of Contents:
- Perl is considered to be the Swiss Army Knife among programming languages. This title could soon be passed on to PowerShell (PS). PowerShell is a command line and scripting language that focuses on system administration. It is based on the .NET framework, is deeply integrated into the operating system, and has a massive number of functions. In brief: Should an attacker gain access to PowerShell, he will have a very powerful tool at his disposal. It will greatly raise the number of things he’s able to do and he can bypass many limitations. Following a security audit, I am often asked how I can control the execution of PowerShell or how it could be blocked. In this Labs article, I will try to answer those questions.
- This paper was written in 2015 as part of a research project at scip AG, Switzerland. It was initially published online at https://www.scip.ch/en/?labs.20150507 and is available in English and German. Providing our clients with innovative research for the information technology of the future is an essential part of our company culture.