PowerShell
Definition
PowerShell is a **command-line shell and scripting language** developed by Microsoft, designed for system administration and automation. It’s built on the .NET framework, which means it can interact deeply with Windows — managing files, processes, registry entries, services, and even remote systems.

For legitimate users, PowerShell is a powerhouse:

* Automates repetitive tasks (like creating user accounts or configuring systems)
* Manages both local and remote computers
* Works with structured data like JSON, XML, and CSV
* Can call .NET classes and use COM objects for advanced control

A simple example:

```powershell
Get-Process
```

Lists all running processes on the system.

From a cybersecurity perspective, PowerShell is a double-edged sword. Attackers love it because:

* It’s **built into Windows** — no extra tools to download
* It can run code entirely in memory, leaving fewer traces on disk
* It supports downloading and executing scripts directly from the internet
* It can be used for reconnaissance, lateral movement, data exfiltration, and malware delivery

Example malicious use:

```powershell
powershell.exe -nop -w hidden -enc SQBtAG...   # (Base64-encoded payload)
```

Here, flags like `-nop` (no profile) and `-w hidden` hide execution, while `-enc` (short for `-EncodedCommand`) runs a script passed as a Base64 string, which obfuscates its contents from casual inspection.

Real-world examples:

* **Emotet** and **TrickBot** have used PowerShell to download second-stage payloads.
* **SolarWinds attackers (2020)** used PowerShell scripts for credential dumping and persistence.
* **Cobalt Strike beacons** are often launched via PowerShell commands.
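The same flags that hide execution are what a blue team keys on in process-creation telemetry. The script below is an added example written for this glossary entry; it is not part of the entry and not a tool from any of the sources it cites. It takes the CommandLine field of process-creation events (the sample lines are constructed here, and the encoded blob is built from a harmless string), recognises PowerShell launches, resolves parameter abbreviations the way `powershell.exe` does (any unambiguous prefix, plus the documented aliases `-e`, `-ec` and `-ep`), records the no-profile, hidden-window, encoded-command and execution-policy traits, and decodes the `-EncodedCommand` value (Base64 of UTF-16LE text) so an analyst can read what would have run. The parameter table, trait names, scoring and threshold are this example's own choices, not a vendor's or MITRE's.

```python
import base64
import re

# Constructed sample "CommandLine" fields, as a process-creation event would carry them
# (e.g. Windows Security 4688 or Sysmon Event ID 1). None of these come from real telemetry.
# The encoded blob is built here from a harmless string so the decode step can be shown.
SAMPLE_ENCODED = base64.b64encode(
    "Write-Output 'constructed sample'".encode("utf-16-le")
).decode("ascii")

SAMPLE_COMMAND_LINES = [
    "powershell.exe Get-Process",                            # ordinary interactive use
    f"powershell.exe -nop -w hidden -enc {SAMPLE_ENCODED}",  # the pattern from the entry
    "powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",  # typical admin job
    "notepad.exe C:\\notes.txt",                             # not PowerShell at all
]

# powershell.exe accepts any unambiguous prefix of a parameter name; the value is the shortest
# prefix this example treats as a match. Documented aliases that are not plain prefixes go in ALIASES.
PARAMS = {
    "noprofile": 3,        # -nop
    "noninteractive": 4,   # -noni
    "nologo": 3,           # -nol
    "windowstyle": 1,      # -w
    "encodedcommand": 3,   # -enc
    "executionpolicy": 2,  # -ex
    "command": 1,          # -c
    "file": 1,             # -f
}
ALIASES = {"e": "encodedcommand", "ec": "encodedcommand", "ep": "executionpolicy"}
POWERSHELL_BINARIES = {"powershell", "powershell.exe", "pwsh", "pwsh.exe"}


def canonical_param(token):
    """Map a switch such as '-nop', '/W' or '-EncodedCommand' to its canonical name, or None."""
    if token[:1] not in ("-", "/"):
        return None
    name = token[1:].lower()
    if name in ALIASES:
        return ALIASES[name]
    for full, min_len in PARAMS.items():
        if len(name) >= min_len and full.startswith(name):
            return full
    return None


def decode_encoded_command(blob):
    """-EncodedCommand carries Base64 of a UTF-16LE script; return the plaintext or None."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_command_line(cmdline):
    """Return the suspicious traits of a PowerShell launch, or None if this is not one."""
    tokens = re.findall(r'"[^"]*"|\S+', cmdline)  # keep quoted arguments together
    if not tokens:
        return None
    image = re.split(r"[\\/]", tokens[0].strip('"'))[-1].lower()
    if image not in POWERSHELL_BINARIES:
        return None

    traits, decoded = [], None
    i = 1
    while i < len(tokens):
        param = canonical_param(tokens[i])
        value = tokens[i + 1] if i + 1 < len(tokens) else ""
        if param == "noprofile":
            traits.append("no_profile")
        elif param == "noninteractive":
            traits.append("non_interactive")
        elif param == "windowstyle":
            if value.lower() == "hidden":
                traits.append("hidden_window")
            i += 1  # consume the value token
        elif param == "encodedcommand":
            traits.append("encoded_command")
            decoded = decode_encoded_command(value.strip('"'))
            i += 1
        elif param == "executionpolicy":
            if value.lower() in ("bypass", "unrestricted"):
                traits.append("execution_policy_" + value.lower())
            i += 1
        i += 1
    # One point per trait; the threshold in find_suspicious is a triage cut-off, not a verdict.
    return {"image": image, "traits": traits, "decoded": decoded, "score": len(traits)}


def find_suspicious(command_lines, threshold=2):
    """Return (command line, analysis) pairs whose score reaches the threshold."""
    hits = []
    for line in command_lines:
        result = analyze_command_line(line)
        if result and result["score"] >= threshold:
            hits.append((line, result))
    return hits


if __name__ == "__main__":
    for line, result in find_suspicious(SAMPLE_COMMAND_LINES):
        print(f"score={result['score']} traits={result['traits']}")
        if result["decoded"] is not None:
            print("  decoded -EncodedCommand:", result["decoded"])
```

Note that the third sample, a scheduled admin script run with `-NoProfile -ExecutionPolicy Bypass`, also crosses the threshold: these flags are legitimate administrative usage as often as they are abuse, so the score ranks what an analyst should look at first, and the decoded script content is what decides the case.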
Further reading:

* Microsoft PowerShell Docs: [https://learn.microsoft.com/en-us/powershell/](https://learn.microsoft.com/en-us/powershell/)
* MITRE ATT&CK – Command and Scripting Interpreter: PowerShell (T1059.001): [https://attack.mitre.org/techniques/T1059/001/](https://attack.mitre.org/techniques/T1059/001/)
* SANS – Detecting PowerShell Abuse: [https://www.sans.org/blog/detecting-powershell-abuse/](https://www.sans.org/blog/detecting-powershell-abuse/)