Description
Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.[1] Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the Start-Process cmdlet, which can be used to run an executable, and the Invoke-Command cmdlet, which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Products, Sensors, and Dependencies
Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
---|---|---|---|---|---|---|
Tenable.io | Advanced Network Scan | Windows machines | Authenticated Scan | SMB | PowerShell Execution Policy | Plugin ID: 92367 |
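
The table lists the PowerShell execution policy as the data collected. The following is an added example, not Tenable's plugin logic or code from the original page, showing how an administrator could read the same setting locally at every scope and see which scope actually takes effect. The function name `Get-ExecutionPolicyAudit` and the list of policies treated as permissive are assumptions made for this example.

```powershell
# Added example: audit the PowerShell execution policy per scope on the local host.
# Scope precedence (highest first): MachinePolicy, UserPolicy, Process,
# CurrentUser, LocalMachine. The first scope that is not 'Undefined' wins.

function Get-ExecutionPolicyAudit {
    [CmdletBinding()]
    param(
        # Policies flagged as permissive (assumption for this example; tune locally).
        [string[]]$Permissive = @('Unrestricted', 'Bypass')
    )

    # Get-ExecutionPolicy -List returns one object per scope, in precedence order.
    $scopes = Get-ExecutionPolicy -List
    $winner = $scopes |
        Where-Object { $_.ExecutionPolicy -ne 'Undefined' } |
        Select-Object -First 1

    foreach ($s in $scopes) {
        [pscustomobject]@{
            Computer    = $env:COMPUTERNAME
            Scope       = $s.Scope
            Policy      = $s.ExecutionPolicy
            # True only for the scope whose value is actually applied.
            IsEffective = ($null -ne $winner -and $s.Scope -eq $winner.Scope)
            Permissive  = ($Permissive -contains [string]$s.ExecutionPolicy)
            # Only the two Group Policy scopes are set centrally.
            SetByGpo    = ([string]$s.Scope -in 'MachinePolicy', 'UserPolicy')
        }
    }
}

$audit = Get-ExecutionPolicyAudit
$audit | Format-Table -AutoSize

$effective = $audit | Where-Object IsEffective
if (-not $effective) {
    Write-Output 'All scopes are Undefined: the built-in default policy applies.'
} elseif ($effective.Permissive) {
    Write-Warning "Effective policy is $($effective.Policy) (scope $($effective.Scope))."
} elseif (-not $effective.SetByGpo) {
    Write-Warning "Effective policy $($effective.Policy) is not set by Group Policy."
}
```

Microsoft documents the execution policy as a safety feature rather than a security boundary, so a restrictive value here does not by itself prevent the PowerShell abuse described above.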