Attackers thrive on OS-native tools when penetrating a system: these tools offer a wide range of capabilities and are difficult to monitor. Defenders struggle with the same tools, because their many legitimate uses lead to false positives. PowerShell, a Windows-native tool, offers an opportunity to cut through the noise and distinguish between attacks and regular system operations.