Of all the attack techniques that are part of MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework, PowerShell is the most popular among threat actors, new research by Red Canary shows. Other common MITRE ATT&CK techniques include scripting, Regsvr32, connection proxy, spear phishing attachments and masquerading.
PowerShell is a very powerful Microsoft tool that can be abused by attackers to take control of vulnerable systems without having to install malware onto those computers. This strategy is also known as living-off-the-land.
According to Red Canary, “PowerShell is here to stay for administrators and adversaries alike, and those organizations that learn to defend against malicious uses of it will have a distinct advantage.”
Read more: Hackers Are Loving PowerShell, Study Finds