Eyal Neemany has published a post on how to use PowerShell to expose command-line shell history. He notes that the biggest trend in the last few years is the use of non-malware attacks.
There are a few reasons for the increased use of malware based on scripting languages:
- Some scripting languages are installed by default on every Windows operating system.
- They’re hard to detect because they leverage legitimate tools to perform malicious activity.
- Shell-based attacks have the ability to exist only in memory.
The post also points to a useful tool, Get-ShellContent, which is available for download from the author’s GitHub.