Introduction

1.1 Why PowerShell

PowerShell is a powerful built-in shell and scripting environment that we can utilize as penetration testers, considering its widespread availability on all modern Windows-based systems.

The use of PowerShell allows us to take advantage of the “living-off-the-land” concept, where tools that are built into the operating system work to our advantage once we’ve obtained access to a system.

There are many advantages to using PowerShell as it relates to penetration testing, some of them being:

• Many organizations aren’t actively hunting for PowerShell activity, since it is usually considered a “trusted” application.
• We can use PowerShell to run, download or execute code entirely in memory within the PowerShell process, helping us evade endpoint security solutions.
• We can use it to interface with the .NET framework and other Windows APIs.
• We can call Windows DLL functions from within PowerShell.
• We can use it to bypass application whitelisting implementations by running the usual operating system commands from the PowerShell CLI.
• Many tools are already available to us for a large number of purposes related to penetration testing.

Having access to all of those things through PowerShell helps us reduce our footprint and evade defense mechanisms while conducting post-exploitation tasks.

PowerShell is also easy to use, and there are many scripts and frameworks already written that we can utilize for our offensive purposes. Furthermore, it doesn’t take much to create our own scripts to carry out some of our tasks, as we’ll see in the modules that follow.