New PowerShell History Defense Evasion Technique

Summary

This article details a new defense evasion technique involving PowerShell's history feature. The technique exploits the way PowerShell logs commands to a file, allowing attackers to potentially hide their activities.

IFF Assessment

FOE

This technique allows attackers to evade defenses by manipulating PowerShell's logging mechanisms, making it harder for defenders to detect malicious activity.

Defender Context

Defenders should be aware of this technique as it targets a common administrative tool, PowerShell. Monitoring PowerShell command history logs for unusual patterns or obfuscated commands can help detect this evasion method.
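As an added illustration of the monitoring idea above (this is example code written for this summary, not code from the original article, which does not describe the technique's mechanics), the following PowerShell function reviews a user's PSReadLine command history file for generic signs of obfuscation or of history logging having been altered. It assumes PSReadLine is loaded, so that `Get-PSReadLineOption` exposes `HistorySavePath` and `HistorySaveStyle`; the indicator regexes are illustrative choices, not a complete detection set.

```powershell
# Added example (not from the original article): review the PSReadLine command
# history file for obfuscation indicators and for history logging being turned off.
# Assumptions: PSReadLine is loaded (default in Windows PowerShell 5.1 and later),
# and the indicator patterns below are illustrative, not exhaustive.

function Get-HistoryAnomalies {
    param(
        # Path to the history file; defaults to the path PSReadLine reports.
        [string]$Path = (Get-PSReadLineOption).HistorySavePath
    )

    $findings = @()

    # SaveNothing means no commands are being recorded at all; treat that as a
    # visibility gap to investigate, not as an absence of activity.
    $style = (Get-PSReadLineOption).HistorySaveStyle
    if ($style -eq 'SaveNothing') {
        $findings += [pscustomobject]@{ Line = 0; Indicator = 'HistorySaveStyle'; Text = "History saving disabled ($style)" }
    }

    if (-not (Test-Path -LiteralPath $Path)) {
        $findings += [pscustomobject]@{ Line = 0; Indicator = 'MissingHistoryFile'; Text = $Path }
        return $findings
    }

    # Illustrative indicator patterns (constructed for this example).
    $indicators = @{
        'EncodedCommand'   = '(?i)-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}'
        'LongBase64'       = '[A-Za-z0-9+/]{100,}={0,2}'
        'HistoryTampering' = '(?i)Set-PSReadLineOption\s+.*-HistorySave(Style|Path)'
    }

    $lineNo = 0
    foreach ($line in Get-Content -LiteralPath $Path) {
        $lineNo++
        foreach ($name in $indicators.Keys) {
            if ($line -match $indicators[$name]) {
                $findings += [pscustomobject]@{ Line = $lineNo; Indicator = $name; Text = $line }
            }
        }
    }
    return $findings
}

# Usage (run in the user's own session, since the history file is per user):
# Get-HistoryAnomalies | Format-Table -AutoSize
```

Because the history file is written by the interactive session itself and is per user, it is evidence that an attacker with the same access can edit or suppress; the `HistorySaveStyle` and missing-file checks exist for that reason. Treat findings here as a supplement to centrally collected PowerShell script block and module logging, not a replacement for it.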
