Powershell & Win11 solved but not really...

47Ronin (Senior Member, joined Jan 11, 2022)
Right, everyone and their pet rock knows PowerShell is a bit of a double-edged sword when it comes to running scripts. Since my main PC is airgapped I am not really worried about bad things happening. I would connect only to update Win11 security and virus definitions. I have a rescue-kit on a flash to do scans with. Other than that it is offline. It is where I do my work and keep customer profiles and stuff like that so obviously extra careful with it.

My poor laptop on the other hand is not so lucky. It is running on a separate router with its own internet and is essentially isolated. Thing is my PowerShell is enabled all the time on it. Now this is seriously stupid as we all know the damage PowerShell can do if it runs a bad script.

I figured I would just disable the bloody thing in the registry but find I forget from time to time. So was wondering if there is a way to enable and disable it without running to the registry 10 times a day.

I did a custom registry entry to activate scripts and deactivate it. Nothing serious but like I said I do forget so... how do you all deal with this?

I am not clued up with Win11 and am still learning it, but it is an obvious problem so I am hoping for an easy "you click here" solution. If not I will just try and make a bat[batch] file to change the value and make it run on startup. This takes me back to WinNT4 now, don't know why...
 
This is parody right? /works on an air-gapped PC with hacker fonts…

I find that solving the PBCAK to be the first step.

Seriously. Who executes scripts “by mistake” or doesn’t know what they are executing?
Also, PowerShell's default execution level is pretty restrictive.
 
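For readers who want to see what the "restrictive by default" execution policy actually looks like, and how to relax it for one session only instead of toggling the registry, here is an added example (editor's code, not from anyone in the thread). It assumes an elevated Windows PowerShell 5.1 or PowerShell 7 session on Windows 11.

```powershell
# Added example, not part of the original thread. Run in an elevated PowerShell.

# 1. Execution policy is resolved per scope, most specific first.
#    MachinePolicy and UserPolicy come from Group Policy and override the rest;
#    on a fresh Windows client the effective policy is usually Restricted.
Get-ExecutionPolicy -List

# 2. Machine-wide default: only signed scripts run.
#    This is a guard against running a script by accident, not a security
#    boundary: "powershell -ExecutionPolicy Bypass" or piping script text
#    into the host still executes it, which is the pentester's point below.
Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope LocalMachine -Force

# 3. Need scripts for one work session (e.g. launching Python tooling)?
#    Relax only the Process scope; it dies with the window, so nothing
#    has to be remembered and reverted later.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

# 4. Turn on script block logging so the text of every script block that
#    runs is written to the PowerShell operational log (event ID 4104).
#    This is the part that actually helps when something unexpected runs.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
Set-ItemProperty -Path $key -Name EnableScriptBlockLogging -Value 1 -Type DWord

# 5. Quick check: show the five most recent logged script blocks.
#    Property index 2 of a 4104 event is the ScriptBlockText field.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104
} -MaxEvents 5 |
    Select-Object TimeCreated, @{ n = 'Script'; e = { $_.Properties[2].Value } }
```

Step 4 needs at least one script block to have run after logging was enabled before step 5 returns anything.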
Actually there is a lot more to this.

Ongoing PowerShell security threats prompt a call to action

Have a look for yourself. Again, I try to do a ton of research first before doing something. The only reason I need it is to run Python stuff actually. So I do use it a lot.

As for the hacker fonts and the green glow on scripts nah... Not into that. Air-gapping my PC sounds drastic but there is over 100 clients' info on it along with important stuff. Keeping it away from any network just sounded like a good idea in my head.

I am importing an SSD/HDD bay. Two of them. This way I can simply remove the drive with all the info on it and run a second one. That way I have a bit more security to this. When I get it I will add some photos.
 

I'm generally on the other side of this trying to get into a system as a pentester, granted I'm pretty new in the industry.

Let's say I have somehow accessed your PC and PowerShell is disabled, there are numerous other ways to accomplish my goals. I can just as easily use Python and would prefer to use that because it is easier to use, but I can use cmd or download a tool. With cmd you can't even disable it; I can go into the System32 folder and run it or download it to the PC.

Let's say the internet PC and non-internet PC are linked in any way, it is pretty easy to forward the ports (pivot) from the PC I have access to, to the other PC and get all your clients' information. I do believe you said this wasn't possible but is something to think about.

You could add in another layer of protection by dwarfing the PC to only be able to access Python and a few other things on a non admin account which would make a hacker have to do some kind of privilege escalation before they could change anything.

Both of those cases are pretty easy but if you add in an antivirus things become much more difficult, I now need to start encoding everything so the antivirus can't pick it up. This becomes a pain and if I make a mistake the antivirus will kick me out of the system.

So if I were to rate the level of protection from disabling powershell, I would probably give you 1 point. Leaving Python accessible I would take away 4 points but having a good antivirus plus 10.

Honestly finding a random internet-facing computer's IP, launching hours of work at it to break in just to find some guy who plays lots of Steam games is just not worth it. So I would say it's unlikely but possible someone may do this. You don't seem like the type to click all the things to run a random PowerShell script so I wouldn't stress too much about even disabling it.
 