Detection Playbook: PowerShell (T1059.001)

T1059.001 · 2026-06-13 · PowerShell · Execution · Windows
MITRE ATT&CK → Technique: PowerShell (T1059.001) | Tactic: Execution | Platforms: Windows

Overview: PowerShell (T1059.001) is the abuse of Windows’ built-in scripting engine to execute commands, download payloads, run code entirely in memory, and interact with the operating system or remote systems. Attackers use it to accomplish almost anything: initial execution, …

Detection Playbook: PowerShell (T1059.001)

T1059.001 · 2026-06-13 · PowerShell · Execution · Windows
MITRE ATT&CK → Technique: PowerShell (T1059.001) | Tactic: Execution | Platforms: Windows

Overview: PowerShell (T1059.001) is a built-in Windows scripting environment that adversaries abuse to execute commands, download payloads, run code entirely in memory, and interact with the operating system — all using a trusted, signed Microsoft binary. Because PowerShell has …

Detection Playbook: PowerShell (T1059.001)

T1059.001 · 2026-06-13 · PowerShell · Execution · Windows
MITRE ATT&CK → Technique: PowerShell (T1059.001) | Tactic: Execution | Platforms: Windows

Overview: PowerShell (T1059.001) refers to adversary abuse of Windows PowerShell — Microsoft’s built-in scripting language and interactive shell — to execute commands, run scripts, download payloads, and perform post-exploitation activity. Because PowerShell is deeply integrated into Windows administration and …