Executing PowerShell without PowerShell.exe
The next important topic addresses one of the top myths around PowerShell security.
You have already learned about the first three of the top myths. The last one is a misconception that many defenders still hold today: that blocking PowerShell.exe will also block PowerShell in general. As you know, PowerShell is based on .NET; specifically, it uses the System.Management.Automation namespace. Therefore, System.Management.Automation.dll will be loaded to execute PowerShell cmdlets.
Note
The documentation for the System.Management.Automation.dll API can be found at the following link: https://docs.microsoft.com/en-us/dotnet/api/system.management.automation.
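Because any process can host the engine, a defender can look for the DLL rather than for PowerShell.exe. The following check is an added example, not code from the original text: it lists running processes that have System.Management.Automation.dll loaded but are not a known PowerShell host. The allow-list of hosts and the function name Get-UnexpectedPowerShellHost are assumptions made for this example.

```powershell
# Added example (not from the original text). Run from an elevated session;
# without elevation, modules of other users' processes are not readable.

# Assumption: the PowerShell hosts you expect to see. Adjust for your environment.
$expectedHosts = 'powershell', 'powershell_ise', 'pwsh'

# Matches System.Management.Automation.dll and its native image (.ni.dll).
$enginePattern = '^System\.Management\.Automation(\.ni)?\.dll$'

# Hypothetical helper name, chosen for this example.
function Get-UnexpectedPowerShellHost {
    foreach ($proc in Get-Process) {
        if ($expectedHosts -contains $proc.ProcessName) { continue }

        try {
            # May throw or return nothing for protected processes or on access denied.
            $modules = $proc.Modules
        } catch {
            continue
        }

        # A hit requires the DLL to appear in the process module list.
        $engine = $modules | Where-Object { $_.ModuleName -match $enginePattern }
        if ($engine) {
            [pscustomobject]@{
                ProcessName = $proc.ProcessName
                Id          = $proc.Id
                Path        = $proc.Path
                EngineDll   = ($engine.FileName | Sort-Object -Unique) -join '; '
            }
        }
    }
}

Get-UnexpectedPowerShellHost | Format-Table -AutoSize
```

Expect legitimate hits, since management tools and other applications also host the engine; treat the output as a list to review rather than an alert. It is a point-in-time view, so image-load logging (for example Sysmon Event ID 7) is the continuous equivalent.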
The first example shows how the DLL can be loaded and used without PowerShell.exe. For this scenario, a small C# program is created. First, take a look at the C# code, which is saved as plain text to a *.cs file (prog.cs in this example):
using System; using System.Configuration.Install;...