Lead Image © Fernando Gregory Milan, 123RF.com

Security with PowerShell 5

Defense Against the Dark Arts

Article from ADMIN 50/2019

Despite the growing exploitation of PowerShell's scripting language by hackers, the tool's security features also offer a line of defense.

PowerShell has become the ultimate administration tool. However, the scripting language is also enjoying increasing popularity among attackers by allowing them to penetrate systems without detection and work their way up the network (Figure 1). Fortunately, administrators are not completely defenseless, because PowerShell 5 offers some useful security features that both limit the use of the scripting language and block other attack paths.

Figure 1: PowerShell allows all kinds of high jinks that can also be misused for attacks.

Windows PowerShell is a powerful tool that combines the command line with a script interpreter. The fact that instructions are always executed in the user's context is enough to draw the attention of IT security admins, and other special features also deserve a critical look. Many admins equate PowerShell with the PowerShell.exe file and hope that simply blocking the executable will make PowerShell inaccessible. However, this is not correct. The following code fragment shows the true nature of PowerShell as part of Microsoft's .NET framework:

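# Create a PowerShell engine instance through the .NET class, not PowerShell.exe
$ObjWPS = [PowerShell]::Create();
# Queue the cmdlet to run in that instance
$ObjWPS.AddCommand("Get-Service");
# Execute the queued command and return its output
$ObjWPS.Invoke();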

PowerShell is stored in the shared library System.Management.Automation.dll, which means that

...
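
Because the engine lives in a library rather than in PowerShell.exe, a defender can check which processes actually have it loaded. The following function is an added example, not code from the article: it lists every process with the engine library in its module list, whatever the executable is called. The function name Get-PowerShellEngineHost and the $ExpectedHosts list are assumptions for illustration; the .ni.dll entry is the library's precompiled native image.

```powershell
# Added example: find processes hosting the PowerShell engine.
# Run from an elevated session to see as many processes as possible.

# Engine library named in the article, plus its precompiled native image.
$EngineModules = 'System.Management.Automation.dll',
                 'System.Management.Automation.ni.dll'

# Assumption: hosts you expect to load the engine; adjust for your environment.
$ExpectedHosts = 'powershell', 'powershell_ise'

function Get-PowerShellEngineHost {
    param(
        [string[]]$ModuleName = $EngineModules,
        [string[]]$Expected   = $ExpectedHosts
    )
    foreach ($proc in Get-Process) {
        try {
            # Reading the module list can fail for protected processes
            # or when the session lacks sufficient rights.
            $hit = $proc.Modules |
                Where-Object { $ModuleName -contains $_.ModuleName } |
                Select-Object -First 1
        }
        catch {
            continue   # Skip processes whose modules cannot be read
        }
        if ($hit) {
            [pscustomobject]@{
                ProcessName = $proc.ProcessName
                Id          = $proc.Id
                EnginePath  = $hit.FileName
                Expected    = $Expected -contains $proc.ProcessName
            }
        }
    }
}

# Unexpected hosts (Expected = False) sort to the top for review.
Get-PowerShellEngineHost |
    Sort-Object Expected, ProcessName |
    Format-Table -AutoSize
```

Rows with Expected set to False are processes that run the PowerShell engine without being PowerShell.exe; whether each one is legitimate depends on the software installed on the system.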