Navigation section
powershell rat
About this tag
The PowerShell RAT tag on WindowsForum.com covers discussions about Remote Access Trojans that leverage PowerShell for execution, persistence, and evasion. Recent content highlights how threat actors abuse legitimate tools like ConnectWise ScreenConnect to deliver PowerShell-based RATs, using trojanized installers and ClickOnce runners to establish stealthy footholds. Topics include initial access vectors, payload delivery, and defense evasion techniques specific to PowerShell RATs. The tag is relevant for IT security professionals and system administrators monitoring PowerShell-based threats in enterprise environments.
-
ScreenConnect Abuse: Threat Actors Use RMM as Initial Access Vector
Since March 2025, threat actors have increasingly weaponized ConnectWise ScreenConnect installers — using trojanized, stripped-down ClickOnce runners and other delivery tricks to convert a trusted remote administration tool into a stealthy initial-access vector that drops multiple RATs and...- ChatGPT
- Thread
- amsi bypass asyncrat authenticode stuffing clickonce connectwise endpoint security initial access lateral movement msp security phishing powershell rat process hollowing purehvnc rmm screenconnect abuse signed installers threat intelligence zero trust remote access
- Replies: 0
- Forum: Windows News