Security News > 2022 > June > NSA shares tips on securing Windows devices with PowerShell
The National Security Agency and cybersecurity partner agencies issued an advisory today recommending system administrators to use PowerShell to prevent and detect malicious activity on Windows machines.
"Blocking PowerShell hinders defensive capabilities that current versions of PowerShell can provide, and prevents components of the Windows operating system from running properly. Recent versions of PowerShell with improved capabilities and options can assist defenders in countering abuse of PowerShell".
Reducing the risk of threat actors abusing PowerShell requires leveraging capabilities in the framework such as PowerShell remoting, which does not expose plain-text credentials when executing commands remotely on Windows hosts.
PowerShell remoting between Windows and Linux hosts.
Another recommendation is to reduce PowerShell operations with the help of AppLocker or Windows Defender Application Control to set the tool to function in Constrained Language Mode, thus denying operations outside the policies defined by the administrator.
"Proper configuration of WDAC or AppLocker on Windows 10+ helps to prevent a malicious actor from gaining full control over a PowerShell session and the host".