- Apr 5, 2021
- 621
An article was referenced in another forum on how PS Constrained language mode can be bypassed by using a command to utilize and older PS v2.0 :
I've used Group Policy to remove it. Any thoughts on this?
Mitigating PowerShell risks with Constrained Language mode
PowerShell is a robust tool that can control almost all components of Windows and applications such as Exchange. It can therefore cause great damage in the hands of attackers. Its Constrained Language mode blocks dangerous features, thereby preventing misuse.
4sysops.com
Constrained Language mode was introduced with PowerShell 3.0 and can easily be bypassed by a hacker switching to an older version. All he would need to do is enter the command:
powershell.exe -version 2.0
I've used Group Policy to remove it. Any thoughts on this?