PowerShell Tricks

Elevated & Unrestricted Script Execution
Launches an elevated PowerShell (-Verb RunAs triggers the UAC prompt) that skips the user profile (-NoProfile) and overrides the execution policy for that process only (-ExecutionPolicy Bypass) to run a script
Start-Process powershell.exe -Verb RunAs -ArgumentList "-NoProfile -ExecutionPolicy Bypass -File C:\file.ps1"

Obfuscation & Evasion
Passes the command as a base64 string of its UTF-16LE encoding via -EncodedCommand (-enc) instead of as plain text on the command line
powershell.exe -enc <Base64EncodedString>

Lateral Movement
Runs a script block on a remote host over WinRM (PowerShell Remoting); this one returns the identity the remote session runs as
Invoke-Command -ComputerName TARGET01 -ScriptBlock { whoami }
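
Defender-side counterpart, added here and not part of the original page: a small Python triage helper that spots the switches shown above on a process command line and decodes the -enc payload (base64 of UTF-16LE text) so an analyst can read it. The accepted switch abbreviations are my reading of how powershell.exe matches parameter prefixes, and the sample command lines are constructed, not real telemetry.

```python
import base64

def _prefixes(name: str, min_len: int) -> set:
    """Every abbreviation of a switch from min_len characters up to the full name."""
    return {name[:i] for i in range(min_len, len(name) + 1)}
# Switch spellings accepted by powershell.exe as I understand its parser (assumption):
# -e/-enc/-EncodedCommand plus the -ec alias, -ex/-ep/-ExecutionPolicy, -nop/-NoProfile.
ENCODED_SWITCHES = _prefixes("encodedcommand", 1) | {"ec"}
POLICY_SWITCHES = _prefixes("executionpolicy", 2) | {"ep"}
NOPROFILE_SWITCHES = _prefixes("noprofile", 3)

def decode_encoded_command(blob: str) -> str:
    """-EncodedCommand carries base64 of UTF-16LE text; restore padding and decode it."""
    if not blob:
        raise ValueError("switch present but no value follows it")
    raw = base64.b64decode(blob + "=" * (-len(blob) % 4), validate=True)
    return raw.decode("utf-16-le")  # an odd byte count raises UnicodeDecodeError

def triage_command_line(cmd: str) -> dict:
    """Flag the tricks above on one command line and recover the encoded payload for review."""
    out = {"encoded": False, "decoded": None, "bypass": False, "noprofile": False, "error": None}
    toks = cmd.split()
    for i, tok in enumerate(toks):
        if tok[0] not in "-/":  # powershell.exe accepts both switch prefixes
            continue
        name = tok[1:].lower()
        nxt = toks[i + 1] if i + 1 < len(toks) else ""
        if name in ENCODED_SWITCHES:
            out["encoded"] = True
            try:
                out["decoded"] = decode_encoded_command(nxt)
            except (ValueError, UnicodeDecodeError) as exc:  # binascii.Error is a ValueError
                out["error"] = f"undecodable -EncodedCommand value: {exc}"
        elif name in POLICY_SWITCHES and nxt.lower() == "bypass":
            out["bypass"] = True
        elif name in NOPROFILE_SWITCHES:
            out["noprofile"] = True
    return out

# Constructed command lines in the shape of process-creation telemetry (not real logs).
SAMPLE_COMMAND_LINES = [
    "powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\\file.ps1",
    "powershell.exe -nop -ep bypass -enc " + base64.b64encode("whoami".encode("utf-16-le")).decode(),
    "powershell.exe -enc not_base64!",
    "powershell.exe -Command Get-Date",
]
if __name__ == "__main__":
    for line in SAMPLE_COMMAND_LINES:
        print(line, "->", triage_command_line(line))
```

The helper only reads the command line; the raw base64 itself is kept out of the findings so the decoded text, not the blob, is what ends up in a ticket.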
