Current situation around PowerShell
First of all, we need to clarify the current situation in the field itself. The news is full of reports of malware that used PowerShell. Antivirus companies describe a decent amount of PowerShell usage within malware, and new vulnerabilities are disclosed each day. In addition, we have seen drastic impacts, with ransomware compromising whole companies and even hospitals by encrypting thousands of machines. There are many security conferences in the world: BlackHat, Def Con, Troopers, BlueHat, and BSides, to name a few. At all of these conferences, we can see demos that use PowerShell to demonstrate attack or exploitation techniques. This is only the tip of the iceberg, as we also see an increased use of PowerShell tactics in lateral account movement. On GitHub, you can download many pentesting frameworks that are implemented in PowerShell. They have different uses such as post-exploitation, reconnaissance...