Q&A
The Wizarding World of PowerShell
PowerShell can be wielded for both good and evil, and knowing both sides can help you keep your organization protected.
As cybersecurity threats continue to change, so too must the tools and tactics used to defend against them. Enter James Brundage, a seasoned PowerShell expert with a deep well of experience. As the founder of Start-Automating and a former member of the PowerShell Team, Brundage has spent 15 years mastering the intricacies of this powerful scripting language.
In his upcoming Live! 360 Tech Con session, "Dark Arts of PowerShell," Brundage will delve into the lesser-known, and sometimes dangerous, capabilities of PowerShell.
Before the session, Redmond had the opportunity to sit down with Brundage for a Q&A to discuss what attendees can expect. From the dual-use nature of PowerShell to the growing impact of AI on security, Brundage provides a preview of the essential knowledge he plans to share -- knowledge that could very well be the key to protecting your organization from the dark forces lurking in the code.
And start making your plans to hear Brundage and our great lineup of experts at this year's Live! 360 Tech Con, taking place in Orlando, Fla. Nov. 17-22. Register by Sept. 27 to save up to $400!
Redmond: Your session title is certainly intriguing and mysterious! Without giving too much away, what do you mean by PowerShell's "dark arts"?
Brundage: Great question! By "dark arts," I mean things that PowerShell can do that not everyone knows. We’ll also be discussing the "dual use" of PowerShell: things that can be used for either good or evil. You’re likely to be a little shocked how much you do with a few lines of code.
Are PowerShell-based attacks more dangerous now that AI can be used to deploy them at scale?
Yes and no. AI has certainly made it easier to become a script kiddie, and it isn't fantastic at generating fault-tolerant code (or code that doesn’t leave a trace). AI may increase the number of attacks, but increasing their sophistication will be trickier.
On the other hand, well-crafted attacker toolkits have used PowerShell (and Python) for some time, and that has enabled them to scale up significantly in the past decade.
In your perspective, how equipped are IT teams for mitigating PowerShell-based security issues?
I think most teams are underequipped for mitigating security issues, including PowerShell-based issues. I believe that most developers and operators need to be able to put on either a black hat or a white hat, depending on circumstances. (This is why there is also a "Defense against the Dark Arts" talk.)
How do you see the role of PowerShell evolving in the next few years, especially with the increasing emphasis on automation? Do you think that will make it more or less susceptible to malicious behavior?
I think the bigger the world gets, the more important automation becomes. PowerShell is a fantastic language for automating at scale, and the need for scale is not going anywhere. Anything good can always be used in a bad way. If an environment is unsecure, it will be susceptible to malicious behavior. Luckily, environments are getting more secure over time, and talks like this can help you understand how to secure your environment.
Having mastered PowerShell's dark arts, how can IT pros use this knowledge for good?
I'd strongly recommend that they also attend the "Defense Against the Dark Arts of PowerShell" talk and learn about threat modelling and logging. I'd also recommend that IT pros follow a few simple rules to improve security:
- Save passwords securely.
- Only run code you can trust.
- Run with as few rights as possible.