Defending Against the Malicious Use of Admin Tools: PowerShell™

Abstract: Malicious actors are using our own tools against us. Why reinvent the wheel or drop something new, something distinguishable, when the tools used on every network every day will provide you all you need? This paper provides a strategy for hardening, defending, and detecting anomalous, and malicious, use of administrator toolsets. In particular, this paper will focus on Microsoft’s® PowerShell™ and will provide a methodology for hardening and defending it from adversarial use.

Date Published:

Last Reviewed: 10 November 2016

Identifier: CTR-U-OO-802234-16

Creator: Vulnerability Solutions

Dissemination Control: N/A

Length: 10 page(s)

Format: pdf

Type: Guide/Plan; Configuration Guide

Tags: Malicious Actor; Microsoft; Network Security