Technique T1059

Command and Scripting Interpreter

Command and Scripting Interpreter tops our list this year thanks in large part to detections associated with two of its sub-techniques: PowerShell and Windows Command Shell.

Pairs with this song

#1

Overall rank

72.2%

Organizations affected

4798

Confirmed threats
T1059.001
PowerShell
PowerShell

48.7%

organizations affected

2,366

confirmed threats

PowerShell was the most common technique we observed in 2020, affecting nearly half of our customers. It remains among the most versatile of built-in utilities for adversaries, defenders, and system administrators alike.

SEE MORE
T1059.003
Windows Command Shell
Windows Command Shell

38.4%

organizations affected

1,984

confirmed threats

While it doesn’t do much on its own, Windows Command Shell can call on virtually any executable on the system to execute batch files and arbitrary tasks.

SEE MORE

Definition