New PowerShell History Defense Evasion Technique
Summary
This article from Black Hills Information Security details a new defense evasion technique involving PowerShell's command history functionality. The technique leverages the way PowerShell writes executed commands to a history file, which an attacker can manipulate for malicious purposes.
IFF Assessment
FOE
This article describes a new technique that attackers can use to evade defenses, which is bad news for defenders.
Defender Context
This technique highlights the importance of monitoring and securing PowerShell execution environments, as attackers can abuse its built-in history logging. Defenders should consider implementing additional logging (such as script block and module logging) and detection rules, and potentially restricting or carefully auditing PowerShell history configurations.
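As an added example that is not from the BHIS article, the following PowerShell snippet performs the history-configuration audit the Defender Context calls for; it assumes PSReadLine 2.x is loaded on a Windows host, and the function name Get-PSHistoryAudit is hypothetical.

```powershell
# Added example (not from the article): audit PSReadLine history settings on the local host
# and return one object per session that can be compared across hosts or shipped to a SIEM.
# Assumes PSReadLine 2.x (Get-PSReadLineOption available) on Windows.
function Get-PSHistoryAudit {
    $opt  = Get-PSReadLineOption
    $path = $opt.HistorySavePath
    $findings = [System.Collections.Generic.List[string]]::new()

    # Default is SaveIncrementally; SaveNothing/SaveAtExit leave gaps that an analyst cannot reconstruct.
    if ($opt.HistorySaveStyle -ne 'SaveIncrementally') {
        $findings.Add("HistorySaveStyle is '$($opt.HistorySaveStyle)' (expected SaveIncrementally)")
    }

    # The handler decides which commands reach the file. PSReadLine 2.1+ ships a default handler
    # that drops lines containing sensitive keywords, so its presence alone is not a finding;
    # capture its body so a reviewer can diff it against the known default.
    $handlerText = if ($opt.AddToHistoryHandler) { $opt.AddToHistoryHandler.ToString().Trim() } else { $null }

    $fileSize = $null; $lastWrite = $null; $writers = @()
    if (-not (Test-Path -LiteralPath $path)) {
        $findings.Add("History file missing: $path")
    } else {
        $item      = Get-Item -LiteralPath $path
        $fileSize  = $item.Length
        $lastWrite = $item.LastWriteTimeUtc
        # Get-Acl is Windows-only; list every identity allowed to modify the file.
        if ($PSVersionTable.PSEdition -eq 'Desktop' -or $IsWindows) {
            $writers = (Get-Acl -LiteralPath $path).Access |
                Where-Object { $_.AccessControlType -eq 'Allow' -and
                               $_.FileSystemRights -match 'Write|Modify|FullControl' } |
                ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
        }
        if ($fileSize -eq 0) { $findings.Add("History file is empty: $path") }
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        User                = $env:USERNAME
        HistorySavePath     = $path
        HistorySaveStyle    = [string]$opt.HistorySaveStyle
        MaximumHistoryCount = $opt.MaximumHistoryCount
        AddToHistoryHandler = $handlerText
        FileSizeBytes       = $fileSize
        LastWriteUtc        = $lastWrite
        WriteAllowed        = $writers -join ';'
        Findings            = $findings -join '; '
    }
}

Get-PSHistoryAudit | Format-List
```

Run it in the interactive session being audited (the options are per session, not per machine) and baseline the AddToHistoryHandler and WriteAllowed fields so deviations stand out.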