CISA shares best practices in using PowerShell that reduce manipulations during malware, monitors the tool, and hardens overall security.

Keeping PowerShell: Measures to Use and Embrace | CISA


The CIS provides recommendations for proper configuration and monitoring of PowerShell, as opposed to removing or disabling it entirely due to its use by malicious actors after gaining access into victim networks. These recommendations will help defenders detect and prevent abuse by malicious cyber actors, while enabling legitimate use by administrators and defenders.  CISA urges organizations to review Keeping PowerShell: Measures to Use and Embrace and take actions to strengthen their defenses against malicious cyber activity.