The danger of using PowerShell
Microsoft’s PowerShell is becoming increasingly important for companies. It is often used to manage and configure the Microsoft Azure Cloud or to automate IT processes in the company.
Almost every IT administrator has already written one or more PowerShell scripts that are in productive use. However, it is all the more frightening to experience that many companies are not aware of the danger and risk that the use of PowerShell entails.
On the one hand, we experience that the PowerShell itself is not secured at customers and any kind of code execution is allowed and on the other hand, the negligent handling of scripts in productive use.
Code execution almost always possible
There is a very large number of ways to control the Execution Policy or to circumvent.
Hackers take advantage of this knowledge and can use PowerShell, which provides direct Windows API access, to attack your systems. For this reason, there is also a wide range of PowerShell frameworks such as:
- PowerShell Empire
- Nishang Framework
For your security, it is important to understand how to configure execution policies correctly to protect your business.
Dealing with PowerShell Code
In most companies, PowerShell is not seen as “development” but more as a black box that knowledgeable admin luminaries use to make wondrous things happen. Thus, however, the minimum standards of development in dealing with PowerShell are not taken into account.
In our daily work we come across long, uncommented scripts, which have already been adapted by several admins and trainees, each with his own style and copy-paste code from the Internet. These scripts are stored on the local notebook of the admin or on a team drive together with 17 other versions of the script. That these scripts work is mostly a lucky circumstance than real can. When they don’t work anymore we are often called in.
When it comes to developing a product, companies have many specifications. PowerShell code, on the other hand, can be written by anyone. Often these scripts are used as logon scripts or integrated in endpoint management solutions.
How do you deal with PowerShell scripts?