PowerShell is rapidly becoming a weapon of choice for post-breach (infiltration) steps, used in many recent high profile breaches. PowerShell, according to Dave Kennedy, is “BASH for Windows” – it’s a scripting language and framework that in Windows is used for automation and control.
In the past few years, PowerShell tools, such as PowerSploit, Nishang, PowerUp, and Empire have made PowerShell one of an attacker’s choice weapons.