Skip to main content
Cyber Defense TacticsCyber Defense Tactics
HomeLearnResourcesBlogCommunity
Cyber Defense TacticsCyber Defense Tactics

Learn defensive security, leverage AI for cyber defense, and join a community of security professionals.

Learning

  • Blog
  • Resources
  • Newsletter

Community

  • Discord
  • YouTube
  • About

Legal

  • Privacy Policy
  • Terms of Service

© 2026 Cyber Defense Tactics. All rights reserved.

A Carbene.AI Project

Back to ATT&CK Hub
T1059

Command and Scripting Interpreter

Execution
Featured

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces include PowerShell, Bash, Python, and more.

View on MITRE ATT&CK

Real-World Example

PowerShell is commonly used by ransomware groups like Ryuk to execute encoded commands, disable security tools, and move laterally.

Defense Strategies

  • Script block logging
  • Constrained Language Mode for PowerShell
  • Application whitelisting
  • Disable unnecessary scripting engines
  • Monitor script execution policies

Detection Methods

  • Enable enhanced PowerShell logging
  • Monitor for encoded commands
  • Track process creation with command lines
  • Detect obfuscation patterns

Related Techniques in Execution

T1204

User Execution

Ready to explore more techniques and join the community?