Attackers are using social engineering to get users to copy, paste, and run malicious scripts — all while thinking they are helping out the IT team.
Attackers are using social engineering to get users to copy, paste, and run malicious scripts — all while thinking they are helping out the IT team.
Accessing powershell is not the issue - that Windows is broken, with a sprinkle of bad permission management by corporations using it is the issue. And the bad permission practices are a direct result of how broken Windows is - I tried a while ago to use it with a fully unprivileged user, just like I do for decades on UNIX and now Linux. It pretty much is impossible without privilege elevation prompts every few minutes.
In a proper environment a user should be able to destroy data they’re working with - but not have the ability to alter the operating system.