Stopping “PowerShell without PowerShell” Attacks
The Cortex XDR Security Research Team recently observed “PowerShell without PowerShell” activity involving PowerShell commands and scripts that do not directly invoke the powershell.exe binary.
PowerShell commands and scripts can be executed by loading the underlying System.Management.Automation namespace, exposed through the .NET framework a...
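
A defender can hunt for this by looking for processes other than the usual PowerShell hosts that load the engine assembly, System.Management.Automation.dll. The following is an added example, not Cortex XDR's detection logic or code from the original article; the event records are constructed and shaped like Sysmon Event ID 7 (ImageLoad) fields, and the function name and host allowlist are assumptions.

```python
import ntpath
import re

# Assembly that implements the PowerShell engine; ".ni" is the NGEN native-image variant.
SMA_RE = re.compile(r"^system\.management\.automation(\.ni)?\.dll$", re.IGNORECASE)

# Hosts expected to load the engine. Assumption: extend per environment, since
# management agents and admin tools can legitimately host PowerShell as well.
EXPECTED_HOSTS = {"powershell.exe", "powershell_ise.exe", "pwsh.exe"}

# Constructed sample records using Sysmon Event ID 7 (ImageLoad) field names.
SAMPLE_EVENTS = [
    {"EventID": 7, "ProcessId": 4120,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ImageLoaded": r"C:\Windows\assembly\System.Management.Automation.dll"},
    {"EventID": 7, "ProcessId": 5312,
     "Image": r"C:\Users\Public\updater.exe",
     "ImageLoaded": r"C:\Windows\assembly\System.Management.Automation.ni.dll"},
    {"EventID": 7, "ProcessId": 5312,  # same process, second load: reported once
     "Image": r"C:\Users\Public\updater.exe",
     "ImageLoaded": r"C:\WINDOWS\ASSEMBLY\SYSTEM.MANAGEMENT.AUTOMATION.DLL"},
    {"EventID": 7, "ProcessId": 6001,
     "Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": 1, "ProcessId": 7000,  # process-create event, not an image load
     "Image": r"C:\Users\Public\updater.exe"},
]

def find_unexpected_hosts(events, expected=EXPECTED_HOSTS):
    """Return (pid, image, module) for each unexpected process hosting the engine."""
    hits = {}
    for ev in events:
        if ev.get("EventID") != 7:
            continue
        module = ntpath.basename(ev.get("ImageLoaded", ""))
        if not SMA_RE.match(module):
            continue
        # Basename comparison is a simplification: a production rule should also
        # check the host's full path and signature, since a file name can be reused.
        host = ntpath.basename(ev.get("Image", "")).lower()
        if host in expected:
            continue
        hits.setdefault((ev.get("ProcessId"), ev["Image"].lower()), ev)
    return [(e["ProcessId"], e["Image"], e["ImageLoaded"]) for e in hits.values()]

if __name__ == "__main__":
    for pid, image, module in find_unexpected_hosts(SAMPLE_EVENTS):
        print(f"pid={pid} image={image} loaded={module}")
```

Hits from this kind of rule are leads rather than verdicts, so the allowlist needs tuning against the software that legitimately embeds the engine in a given environment.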