PowerShell is a highly customizable command-line tool that’s often enabled by default. With it, administrators can easily and quickly automate routine tasks necessary for managing day-to-day processes and operating systems. PowerShell provides easy access to data stores, such as the certificate and registry stores, and it comes with a fully developed scripting language. It connects to remote systems, and can also be used to make unauthorized internet connections and establish backchannels for command and control. As a result, PowerShell is often a tool of choice for “living off the land” cyber-attacks.