The National Cyber Security Centre (NCSC) and international allies have issued a new advisory encouraging organisations to implement appropriate configuration and monitoring of PowerShell. If you use PowerShell, you need to take note of it.
PowerShell is a scripting language and command line tool included with Microsoft Windows. Similar to Bash for open-source operating systems (e.g., Linux), PowerShell extends the user experience as an interface into the operating system. Therefore, a number of IT teams and sysadmins use it to good effect.
However, because of its power, it has the potential to be a vector for malware and other cyber security attacks. NCSC, together with allies in New Zealand and the US, have issued joint guidance to help Windows operators and administrators understand how PowerShell supports system maintenance, forensics, automation, and security.
You can read the advisory at https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF