Common Information

Value: PowerShell - T1059.001
Category: Attack-Pattern
Type: Mitre-Attack-Pattern
Misp Type: Cluster
Description: Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.(Citation: TechNet PowerShell) Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet, which can be used to run an executable, and the `Invoke-Command` cmdlet, which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems). PowerShell may also be used to download executables from the Internet, which can then be run from disk or entirely in memory without the executable ever touching disk. A number of PowerShell-based offensive testing tools are available, including [Empire](https://attack.mitre.org/software/S0363), [PowerSploit](https://attack.mitre.org/software/S0194), [PoshC2](https://attack.mitre.org/software/S0378), and PSAttack.(Citation: Github PSAttack) PowerShell commands and scripts can also be executed without directly invoking the `powershell.exe` binary, through interfaces to PowerShell's underlying `System.Management.Automation` assembly DLL, which is exposed through the .NET framework and Windows Common Language Interface (CLI).(Citation: Sixdub PowerPick Jan 2016)(Citation: SilentBreak Offensive PS Dec 2015)(Citation: Microsoft PSfromCsharp APR 2014)
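The two execution paths the description names, encoded `powershell.exe` command lines and PowerShell hosted in a process other than `powershell.exe` via the `System.Management.Automation` assembly, are both visible in endpoint telemetry. The following is an added detection example, not part of this MISP cluster or of MITRE's text: it runs over a handful of constructed process-creation and image-load records, decodes any `-EncodedCommand` argument (base64 over UTF-16LE, accepted by `powershell.exe` under any unambiguous prefix such as `-e` or `-enc`) and flags any process outside an illustrative allow-list that loads the automation DLL. The event field names, the allow-list, and every path in the sample records are assumptions for the example.

```python
import base64
import re

# Processes in which loading System.Management.Automation.dll is expected.
# Assumption: an illustrative allow-list for the example, not an authoritative one.
EXPECTED_AUTOMATION_HOSTS = {
    "powershell.exe", "pwsh.exe", "powershell_ise.exe", "wsmprovhost.exe",
}

# A parameter token followed by a base64-looking argument, e.g. "-enc RwBlAHQA..."
PARAM_RE = re.compile(r"(?:^|\s)[-/](?P<flag>[A-Za-z]+)\s+(?P<b64>[A-Za-z0-9+/=]{8,})")


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if the command line has none.

    powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...);
    the argument is base64 over UTF-16LE text.
    """
    for m in PARAM_RE.finditer(cmdline):
        flag = m.group("flag").lower()
        if not "encodedcommand".startswith(flag):
            continue
        try:
            return base64.b64decode(m.group("b64"), validate=True).decode("utf-16-le")
        except (ValueError, UnicodeDecodeError):
            return None
    return None


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyse_events(events):
    """Flag encoded PowerShell commands and unexpected hosts of the automation DLL.

    Each event is a dict with a 'type' of 'process_create' (image, cmdline) or
    'image_load' (image, loaded); the shape is an assumption of this example.
    """
    findings = []
    for ev in events:
        host = basename(ev["image"])
        if ev["type"] == "process_create" and host in ("powershell.exe", "pwsh.exe"):
            decoded = decode_encoded_command(ev["cmdline"])
            if decoded is not None:
                findings.append({"rule": "encoded_command", "host": host, "decoded": decoded})
        elif ev["type"] == "image_load":
            if (basename(ev["loaded"]) == "system.management.automation.dll"
                    and host not in EXPECTED_AUTOMATION_HOSTS):
                findings.append({"rule": "unmanaged_powershell_host", "host": host, "decoded": None})
    return findings


def _b64_utf16(text):
    """Encode text the way powershell.exe expects an -EncodedCommand argument."""
    return base64.b64encode(text.encode("utf-16-le")).decode("ascii")


# Constructed sample records (not real telemetry); every path below is made up.
AUTOMATION_DLL = r"C:\example\GAC\System.Management.Automation.dll"
POWERSHELL_EXE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"type": "process_create", "image": POWERSHELL_EXE,
     "cmdline": "powershell.exe -NoProfile -enc " + _b64_utf16("Get-Date")},
    {"type": "process_create", "image": POWERSHELL_EXE,
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\inventory.ps1"},
    {"type": "image_load", "image": POWERSHELL_EXE, "loaded": AUTOMATION_DLL},
    {"type": "image_load", "image": r"C:\Users\alice\AppData\Local\Temp\updater.exe",
     "loaded": AUTOMATION_DLL},
]

if __name__ == "__main__":
    for finding in analyse_events(SAMPLE_EVENTS):
        print(finding)
```

On the sample records this yields two findings: the decoded `Get-Date` from the encoded command line, and `updater.exe` as an unexpected host of the automation DLL; the plain `-File` invocation and `powershell.exe` loading its own DLL produce nothing. In practice the allow-list needs tuning per estate, and the image-load side only works where the sensor records DLL loads (Sysmon event 7, for example).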
| Published | Attributes | CTI Title |
|---|---|---|
| 2024-12-03 | 120 | Malvertisement campaigns: Uncovering more IoCs from the recent Windows Defender fraud — Silent Push Threat Intelligence |
| 2024-11-18 | 13 | Zoom Meeting impersonation malware created by the North Korean APT Kimsuky (김수키) - Zoom Meeting (2024.9.28) |
| 2024-11-17 | 15 | CTF Write-up: Sigma 101 (Certified Cyber Defenders) |
| 2024-11-17 | 9 | Getting a Reverse Shell as Administrator with BadUSB |
| 2024-11-17 | 4 | Detecting and Mitigating Portable Applications in Enterprise Environments |
| 2024-11-17 | 0 | (1/10) CyberCore — Security Essentials (SEC-100) |
| 2024-11-17 | 0 | How I passed OSCP+ in two months |
| 2024-11-16 | 2 | Securing Windows 11 with PowerShell: Privacy, Security, and Performance Optimization |
| 2024-11-16 | 18 | Browser’s Secret Diary: Memory Dumps Unveiled |
| 2024-11-16 | 90 | From Royal to BlackSuit: Understanding the Tactics and Impact of a Sophisticated Ransomware Strain \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| 2024-11-16 | 2 | Preventing Local Admin Rights Bypass: Strategies and Best Practices |
| 2024-11-16 | 0 | Threat Hunting With YARA: Tryhackme Writeup. |
| 2024-11-16 | 3 | Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies |
| 2024-11-15 | 18 | Browser’s Secret Diary: Memory Dumps Unveiled |
| 2024-11-15 | 16 | SIBERKU BASIC DIGITAL FORENSIC |
| 2024-11-15 | 11 | The Windows Security Journey — HGS (Host Guardian Service) |
| 2024-11-15 | 7 | Enhancing Wazuh Efficiency with AI: Meet the New AI Analyst in SOCFortress CoPilot |
| 2024-11-15 | 0 | New Glove Stealer Malware Bypasses Google Chrome's App-Bound to Steal Data |
| 2024-11-15 | 3 | Daniel Stori's Turnoff.US: ‘I Love Windows Powershell’ |
| 2024-11-15 | 4 | New Remcos RAT Activity Detection: Phishing Campaign Spreading a Novel Fileless Malware Variant - SOC Prime |
| 2024-11-15 | 38 | Dark Web Profile: Cadet Blizzard |
| 2024-11-15 | 4 | Black Basta Ransomware Leveraging Social Engineering For Malware Deployment |
| 2024-11-15 | 2 | ViperSoftX: Tracking And Countering a Persistent Threat - CUJO AI |
| 2024-11-15 | 0 | The Road to CRTP Cert — Part 1 |
| 2024-11-15 | 33 | DONOT's Attack On Maritime & Defense Manufacturing |