In the last chapter, we saw how to work with different kinds of data and different file formats to aid you with storing and transferring PowerShell objects. This data can use some encryption.
One of the most important topics nowadays is security. This topic introduces the current situation in the field and explains the most important topics concerned with securing the execution of PowerShell. Unfortunately, PowerShell is commonly used as a scripting language in pentesting and hacking frameworks. Does this mean that PowerShell itself is a vulnerability? This chapter provides guidance around all the topics in the security area, enabling and configuring them.
These are the topics we'll be covering in this chapter:
- The current situation around PowerShell
- Is PowerShell a vulnerability?
- Principle of Least Privilege
- The community
- Version 5
- Evergreen
- Secure coding
- Remoting:
- Double hop
- ExecutionPolicy:
- Bypassing ExecutionPolicy
- Executing PowerShell without PowerShell.exe
- Constrained Language Mode
- Applocker
- Windows Defender Application Control
- Obfuscation
- Powershell logging
- AMSI
- Prioritizing the technical security controls