Hi,
NSA just published CSI Keeping PowerShell: Security Measures to Use and Embrace
This Cybersecurity Information Sheet from the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the New Zealand National Cyber Security Centre (NZ NCSC), and the United Kingdom National Cyber Security Centre (NCSC-UK) provides details on using PowerShell® and its security measures. PowerShell® is a scripting language and command-line tool included with Microsoft Windows®. Similar to Bash for open-source operating systems (e.g., Linux®), PowerShell extends the user experience as an interface into the operating system. PowerShell was introduced in Windows Vista® and has evolved with each Windows version. PowerShell can help defenders manage the Windows operating system [1], by:
Enabling forensics efforts,
Improving incident response, and
Allowing automation of common or repetitive tasks.
------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------