The Carbon Black Threat Research Team, in conjunction with more than two dozen managed
security services provider (MSSP) and incident response (IR) partners, is increasingly seeing
PowerShell exploitation during cyber attacks.
This supports a growing industry trend of malware authors creatively attempting to evade detection
by using native tools on operating systems to cloak their malicious activities.
This report reveals some of the key techniques attackers are using to leverage PowerShell so they
can gain access to organizations’ endpoints.