Published On: 2 May 2023 | Categories: Knowledge

The danger of using PowerShell

Microsoft’s PowerShell is becoming increasingly important for companies. It is often used to manage and configure the Microsoft Azure Cloud or to automate IT processes in the company.

Almost every IT administrator has already written one or more PowerShell scripts that are in productive use. All the more worrying, then, that many companies are not aware of the danger and risk that the use of PowerShell entails.

On the one hand, we see at customers that PowerShell itself is not secured and any kind of code execution is allowed; on the other hand, we see negligent handling of the scripts that are in productive use.

Code execution almost always possible

There is a very large number of ways to control the Execution Policy or to circumvent it.


Attackers take advantage of this and can use PowerShell, which provides direct access to the Windows API, to attack your systems. This is also why there is a wide range of offensive PowerShell frameworks, such as:

  • PowerSploit
  • PowerShell Empire
  • Mimikatz
  • AutoRDPwn
  • Nishang Framework

For your security, it is important to understand how to configure execution policies correctly to protect your business.

Dealing with PowerShell Code

In most companies, PowerShell is not seen as "development" but rather as a black box that knowledgeable admin luminaries use to make wondrous things happen. As a result, the minimum standards of software development are not applied to PowerShell.

In our daily work we come across long, uncommented scripts that have already been adapted by several admins and trainees, each with their own style and copy-paste code from the Internet. These scripts are stored on the admin's local notebook or on a team drive together with 17 other versions of the same script. That these scripts work at all is more often a lucky circumstance than genuine ability. When they stop working, we are often called in.

When it comes to developing a product, companies have many specifications. PowerShell code, on the other hand, can be written by anyone. Often these scripts are used as logon scripts or integrated in endpoint management solutions.

How do you deal with PowerShell scripts?

Check which level you have already reached:

  • Copy-and-paste code
  • Indent code
  • Document
  • Move repetitive parts into functions
  • Use a development environment and plugins
  • Follow a consistent order in the file structure
  • Avoid "happy patch coding"
  • Move central code parts into modules
  • Introduce a code management system (Git)
  • Develop coding guidelines
  • Develop a branching model
  • Develop testable code
  • Implement a DevOps process
  • Implement automated quality assurance
  • Perform automated unit testing
  • Code signing
  • Control code execution
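The last two levels of the list, code signing and controlling code execution, tie back to the Execution Policy discussion above. The following audit script is an added example and not part of the original post or the author's courses; it reports the effective execution policy per scope, checks whether script block logging is enabled, and verifies the Authenticode signatures of the scripts in a folder (the path C:\Scripts is an assumed placeholder).

```powershell
# Added example (not from the original post): audit the settings that govern
# PowerShell code execution on a Windows host and verify script signatures.
# Assumption: C:\Scripts is a hypothetical folder holding production scripts.
param(
    [string]$ScriptPath = 'C:\Scripts'
)

# 1. Effective execution policy per scope. MachinePolicy and UserPolicy
#    (set via Group Policy) take precedence over LocalMachine and CurrentUser.
Write-Host '== Execution policy by scope =='
Get-ExecutionPolicy -List | Format-Table -AutoSize

$effective = Get-ExecutionPolicy
if ($effective -in 'Unrestricted', 'Bypass') {
    Write-Warning "Effective policy is '$effective': any script runs unchecked."
}

# 2. Script block logging records what actually executed, independent of how
#    the policy was set. The registry value below is the one written by the
#    'Turn on PowerShell Script Block Logging' Group Policy setting.
$sblKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
$sbl = Get-ItemProperty -Path $sblKey -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue
if ($sbl -and $sbl.EnableScriptBlockLogging -eq 1) {
    Write-Host 'Script block logging: enabled (events land as ID 4104)'
} else {
    Write-Warning 'Script block logging is not enabled; executed code will not be logged.'
}

# 3. Verify Authenticode signatures of the scripts in production use.
#    'AllSigned' only protects if every script is actually signed by a trusted publisher.
Write-Host "== Signature status of scripts in $ScriptPath =="
Get-ChildItem -Path $ScriptPath -Filter '*.ps1' -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Script = $_.Name
            Status = $sig.Status   # Valid, NotSigned, HashMismatch, UnknownError, ...
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '-' }
        }
    } | Format-Table -AutoSize

# 4. Recommended baseline for the machine scope: require signed scripts.
#    Uncomment to apply in an elevated session; for a fleet, set it via Group
#    Policy instead so the value cannot be changed locally.
# Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy AllSigned -Force
```

The execution policy is a safety feature rather than a security boundary, so the logging check and the signature check are the parts that give you actual visibility and enforcement.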

If you want to reach the next level, we recommend our PowerShell courses.

