Disable or Restrict PowerShell -EncodedCommand
PowerShell is targeted more often as a vector for breaching computer systems. Script signing prevents malicious use of scripted payloads, but an encoded command allows for complex command sequences to be executed in an obfuscated manner, outside of behavior-based detection mechanisms. Security Groups are calling for disabling of PowerShell altogether because there are no security controls to lock down specific features. Disabling EncodedCommand for standard users would at least be a start to breaking the methodologies of those seeking to breach security by leveraging command and control utilities.
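
Until a switch like the one requested above exists, defenders can at least undo the obfuscation in process-creation logs. The following is an added example, not part of the original post or of any Microsoft tooling: it finds `-EncodedCommand` (in any abbreviated form) on a logged PowerShell command line and decodes the Base64/UTF-16LE payload so the real script text can be fed to detection rules. The function names and sample command lines are constructed for illustration, and it assumes simple whitespace-separated arguments.

```python
import base64
import binascii


def decode_encoded_command(arg):
    """Return the script text behind a -EncodedCommand argument, or None."""
    try:
        raw = base64.b64decode(arg.strip("\"'"), validate=True)
        return raw.decode("utf-16-le")  # PowerShell expects Base64 of UTF-16LE text
    except (binascii.Error, UnicodeDecodeError):
        return None  # not valid Base64 or not valid UTF-16LE


def find_encoded_commands(command_line):
    """Decode every -EncodedCommand payload on one PowerShell command line."""
    tokens = command_line.split()  # assumption: no quoted arguments containing spaces
    if not tokens or not any(n in tokens[0].lower() for n in ("powershell", "pwsh")):
        return []
    found = []
    for flag, arg in zip(tokens, tokens[1:]):
        name = flag[1:].lower()
        # PowerShell accepts any prefix of the parameter name (-e, -enc, ...)
        # and the "ec" alias, so match on prefixes rather than the full word.
        if flag[0] in "-/" and name and (name == "ec" or "encodedcommand".startswith(name)):
            text = decode_encoded_command(arg)
            if text is not None:
                found.append(text)
    return found


def _enc(script):
    """Build a constructed sample payload the way PowerShell expects it."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample command lines (benign payloads), not real log data.
SAMPLE_COMMAND_LINES = [
    f"powershell.exe -NoProfile -EncodedCommand {_enc('Get-Date')}",
    f"pwsh -enc {_enc('Get-ChildItem')}",
    "powershell.exe -ExecutionPolicy RemoteSigned -File C:\\Scripts\\report.ps1",
    "cmd.exe /c echo -e test",
]

if __name__ == "__main__":
    for line in SAMPLE_COMMAND_LINES:
        print(find_encoded_commands(line), "<-", line)
```

Matching only the literal string `-EncodedCommand` misses the abbreviated forms, which is why the check is prefix-based.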

1 comment
Michael Russo commented
Absolutely! They need to make this available!