PowerShell Obfuscation Techniques

Fileless attacks have become a popular technique used by adversaries in cyber attacks. Attackers often use PowerShell to run fileless malware, which is non-binary code that anti-virus solutions cannot easily detect. Adversaries rely on obfuscation techniques to hide their malicious payloads and to avoid detection of their attacks. Today we will learn how and why attackers use PowerShell.

What is PowerShell?

PowerShell was initially created by Microsoft as a powerful task-based command-line shell and scripting language built on .NET. Windows PowerShell is a popular tool for performing admin tasks and, like any useful tool, can be leveraged by adversaries. PowerShell can easily import modules, access core Windows APIs and execute remote commands; its Start-Process cmdlet can be used to run an executable, and Invoke-Command runs a command locally or on a remote computer. This makes PowerShell a lethal weapon in the hands of malware writers. PowerShell provides easy access to all major functions of the operating system. The versatility of PowerShell makes it an ideal candidate for any purpose, whether the user is a defender or an attacker.

Reasons why attackers use PowerShell