Power Shell has increasingly become the de facto standard for penetration testers and hackers alike. It enables attackers to “live off the land” by using a Microsoft-signed binary that can execute remote code entirely in memory while bypassing both A/V and application whitelisting solutions. Today’s detection techniques monitor for certain strings in powershell.exe’s command-line arguments. Read More …