Several years ago, Microsoft announced a new tool, AppLocker, which, according to the developers, was designed to increase the level of security when working in Windows. Unfortunately, a way was uncovered to run any application on the system, bypassing AppLocker and without administrator rights.
Undoubtedly, you know about the existence of the Windows PowerShell environment. It plays a very prominent role among Microsoft products. Although Windows PowerShell includes a simple and powerful language for writing scripts, one of the advantages of this technology is that it can be used as a convenient command shell without writing complex scripts.
Nikhil Mittal has shared the presentation ‘Hacked? Pray that the Attacker used PowerShell’. It tells us how to find the fingerprints of an attack carried out with PowerShell on a compromised system.