PowerShell can help simplify and automate tedious and repetitive tasks by creating scripts and combining multiple commands together.
What do you use powershell for?
I use it mainly for administrative tasks. Haven’t expanded to the more powerful abilites.
1 Like
There are some great DFIR utilities written in Powershell…works great in corporate windows environments:
PSRecon
Kansa
PowerForensics
Powershell’s DFIR capabilities can also be automated and used as part of an IR process to enrich alerts with more context, check out this blog series:
Enhance the DFIR Process with Powershell and Swimlane – Part 1
Enhance the DFIR Process with PowerShell and Swimlane – Part 2
Enhance the DFIR Process with PowerShell and Swimlane – Part 3
2 Likes
Coming from a linux background, I’ve always used bash scripting for quick/dirty tasks (or perl for super dirty tasks).
Has Powershell matured to a point where it can be seen as a compelling option for scripting?
I use powershell to manage AD.
I personally believe so, coming from a Windows background however, I may be a little bias. I think it has less of a learning curve as well, with self-discovery via standardized verbs for commands, along with helpful commands to get help, list modules and commands along with tab completion.
I typically resort to using PowerShell Core also, when I need to script something on a platform other than Windows (i.e. MacOS), mostly due to just being more familiar with it. Also like the direction Microsoft has been going with [actual] multi-platform support for some of their products, i.e PowerShell. Even though it is creating some fragmentation at the beginning.
As for uses, I’ve used PowerShell from application deployment, configuration management (DSC), to monitoring and remote management. I believe it is a powerful tool, especially if your infrastructure is heavily Windows based.
2 Likes
Just to keep riding your coattails
1 Like