Security PowerShell Is Source of More Than a Third of Critical Security Threats

[e1-531g]

Found it on Slashdot
https://www.esecurityplanet.com/thre...urity-threats/

Quote:

PowerShell was the source of more than a third of critical threats detected on endpoints in the second half of 2020, according to a Cisco research study released at the RSA Conference today.

The top category of threats detected across endpoints by Cisco Secure Endpoint was dual-use tools leveraged for exploitation and post-exploitation tasks. PowerShell Empire, Cobalt Strike, PowerSploit, Metasploit and other such tools have legitimate uses, Cisco noted in the report, but they’ve become part of the attacker toolkit too. Such “living off the land” tactics can avoid detection when deploying foreign tools or code to compromise systems.

In second place was ransomware, and after the recent Colonial Pipeline hack probably needs no further comment.

In the past I have created a thread about LOLBAS in OpenBSD, but unfortunately there were no constructive answers what to remove from i.e. chroot to restrict user
http://daemonforums.org/showthread.php?t=11110

[jmccue]

I am wondering how this effects people who installed and used this under Linux. At work, a few people I know did install powershell on their work systems, me, I stayed away from it on the Linux systems I have.

Out of curiosity, I did a package search, and from what I see powershell is not in OpenBSD packages. Not that I would ever use it