search

LEMON BLOG

AI-Generated PowerShell Scripts Are Making Active Directory Attacks Harder to Detect

Attackers are beginning to use generative AI for more than writing convincing phishing emails. Security researchers have now observed threat actors using AI-generated PowerShell scripts during real-world intrusions to examine and map Microsoft Active Directory environments.

Instead of downloading a well-known hacking tool that security products may already recognise, attackers can ask a large language model to produce a customised script for a specific task. The resulting code may perform the same reconnaissance as established offensive tools, but its unique structure, filename and hash can make conventional signature-based detection far less effective.

The Attack Began With Compromised Credentials

In the reported incident, the attacker did not begin with an advanced software exploit. Access was gained through compromised credentials and a Remote Desktop Protocol connection to a Windows Server.

Once inside the environment, the attacker executed a PowerShell script called Untitled1.ps1 on a domain-connected server. The script was designed to perform aggressive Active Directory reconnaissance, gathering details about domain controllers, user accounts, computers, groups and other domain objects.

The collected information was then organised into HTML and text reports, making it easier for the attacker to review the environment and plan the next stage of the intrusion.

This is an important reminder that many serious attacks begin with ordinary administrative access. When valid credentials are stolen, malicious activity may initially resemble the actions of a legitimate IT administrator.

Why Active Directory Is Such a Valuable Target

Active Directory is often the central identity and access-management system within a Windows enterprise environment. It keeps track of users, computers, security groups, permissions and relationships between systems.

For an attacker, mapping Active Directory can answer several critical questions:

This reconnaissance helps transform an initial foothold into a broader attack. Rather than moving randomly through the network, the threat actor can identify high-value accounts and systems before attempting privilege escalation, lateral movement or data theft.

What Makes the Script Appear AI-Generated

Researchers found several characteristics suggesting that the PowerShell code had been produced through AI-assisted "vibe coding."

These included excessive error handling, repetitive fallback routines, generic comments and placeholder values that had apparently been left unchanged. Such patterns are often seen when code is generated through conversational prompts and then used without extensive manual refinement.

The script may not have been elegant, but it did not need to be. Its purpose was simply to collect useful information while avoiding easy identification as a known offensive tool.

This highlights an uncomfortable reality: attackers do not require perfect software. A rough, AI-generated script can still be effective if it performs the intended task and escapes basic security checks.

Custom Code Can Avoid Traditional Signatures

Security tools have traditionally relied partly on known indicators such as filenames, malware hashes, command patterns and recognised tool signatures.

That approach works well when attackers repeatedly use familiar tools. For example, defenders may already have detection rules for common Active Directory reconnaissance frameworks or widely circulated PowerShell modules.

An AI-generated script creates a different challenge. Even when it performs similar actions, its code structure may be unique. It may use different variable names, rearranged functions, alternative commands or unusual error-handling routines.

As a result, there may be no known malicious hash or exact signature available when the script is first executed.

This does not make AI-generated malware invisible. It simply means defenders must pay closer attention to what the script is doing, rather than relying only on what the file is called or whether its hash appears in a threat database.

The Broader Attack Still Followed a Familiar Pattern

Although the reconnaissance script was likely AI-generated, the rest of the intrusion followed a conventional post-compromise sequence.

After mapping the Active Directory environment, the attacker introduced legitimate utilities, including s5cmd, which can interact with cloud object storage, and SharpShares, which can identify accessible network shares.

These tools may support further data discovery, collection and potential exfiltration.

The observed sequence involved:

Generative AI changed the tool used during one stage, but it did not fundamentally change the attacker's objective.

PowerShell Makes Malicious Activity Easier to Hide

PowerShell is widely used by administrators for configuration, automation, reporting and system management. Blocking it entirely is rarely practical, especially in larger Windows environments.

Attackers take advantage of this legitimate role.

A PowerShell process running on a Windows Server may not immediately appear suspicious. The same commands used by administrators to retrieve domain information can also be used by attackers to perform reconnaissance.

This technique is sometimes described as living off the land, where threat actors abuse trusted operating-system components and legitimate administrative tools rather than deploying obviously malicious software.

The challenge for defenders is to distinguish authorised administrative activity from unexpected or excessive discovery operations.

AI Lowers the Barrier for Less-Skilled Attackers

Creating a reliable reconnaissance tool once required a reasonable understanding of PowerShell, Windows administration and Active Directory.

Generative AI can reduce that barrier. An attacker may describe the information they want collected and ask an AI system to generate the required commands, error handling and reporting functions.

The output may still require testing or correction, but the attacker no longer needs to write every component from scratch.

This means less-experienced threat actors may be able to produce customised offensive scripts more quickly. They can also repeatedly regenerate the code, creating new variations that perform similar actions while looking different to signature-based security tools.

The reported activity is therefore concerning not because AI introduced a completely new attack method, but because it can make existing techniques faster, cheaper and more accessible.

Which Environments Face the Greatest Risk?

The observed activity targets organisations running Microsoft Active Directory on Windows Server.

Businesses with domain-joined Windows devices and remotely accessible services face greater risk when legitimate credentials are compromised. Exposed RDP services are particularly sensitive because they may give attackers direct interactive access to an internal server.

Risk increases when several weaknesses exist together, such as:

A single compromised account may become far more damaging when the environment lacks strong monitoring and segmentation.

Enable PowerShell Script Block Logging

One of the most important defensive measures is enabling PowerShell Script Block Logging.

This feature records the content of executed PowerShell commands and scripts under Windows Event ID 4104. It can help security teams investigate what a script attempted to do, even when the file itself has been renamed, deleted or generated specifically for one attack.

Logs should be forwarded to a central monitoring platform or Security Information and Event Management system. Keeping them only on the local server creates a risk that an attacker could delete or modify the evidence.

However, enabling logging is only the first step. Organisations also need alerting rules capable of identifying suspicious patterns, such as large-scale user enumeration, domain-controller discovery and automated queries across multiple Active Directory object types.

Restrict RDP and Require Multi-Factor Authentication

Remote Desktop should not be openly accessible from untrusted networks unless there is a compelling operational requirement.

Access should be limited through controls such as:

Multi-factor authentication should also be enforced so that a stolen password alone is not enough to establish a remote session.

Organisations should additionally review which accounts are permitted to use RDP. Standard users should not automatically receive remote access to servers, and privileged accounts should be protected with stronger controls.

Use EDR to Detect Abnormal Behaviour

Endpoint Detection and Response platforms can provide visibility beyond basic antivirus scanning.

A capable EDR solution may identify unusual relationships between events, such as:

These behaviours can reveal an intrusion even when the script has never been seen before. The advisory recommends using EDR tools that can detect abnormal PowerShell activity and Active Directory enumeration.

Monitor for Reconnaissance Reports and Administrative Tools

Security teams should watch for unexpected creation of HTML, text, CSV or other report files containing domain information.

An administrator may legitimately generate such reports, but the activity becomes suspicious when it occurs:

Monitoring should also cover legitimate tools commonly abused after compromise. The presence of a recognised utility is not automatically malicious, but its context matters.

A cloud-transfer program on an administrator's workstation may be normal. The same program appearing unexpectedly on a domain-connected server after extensive reconnaissance deserves immediate investigation.

Detection Must Focus on Actions, Not Just Files

The central lesson from this incident is that security teams cannot rely solely on fixed indicators.

A filename can change. A hash can be unique. AI can generate countless versions of a script while preserving its underlying objective.

The more durable approach is to detect behaviours such as:

The advisory specifically recommends behavioural detection methods that identify attacker actions instead of depending entirely on malware signatures and file hashes.

Final Thoughts

AI-generated attack scripts do not replace traditional cyberattacks. They make familiar techniques easier to customise and potentially harder to recognise using older detection methods.

In this case, the attacker still relied on compromised credentials, RDP access, PowerShell, Active Directory reconnaissance and legitimate administrative tools. The major difference was that the reconnaissance script appeared to be uniquely generated for the intrusion.

Organisations should respond by strengthening PowerShell logging, restricting remote access, enforcing multi-factor authentication and monitoring for abnormal Active Directory activity. Most importantly, defenders must look beyond filenames and hashes and focus on the sequence of actions occurring across the environment.

As attackers increasingly use AI to create disposable tools, understanding behaviour will become more valuable than recognising a particular piece of code.

Microsoft Uncovers GigaWiper Malware Combining Esp...
NSA Warns Organisations to Disable Cisco Smart Ins...

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Thursday, 16 July 2026

Captcha Image

LEMON VIDEO CHANNELS

Step into a world where web design & development, gaming & retro gaming, and guitar covers & shredding collide! Whether you're looking for expert web development insights, nostalgic arcade action, or electrifying guitar solos, this is the place for you. Now also featuring content on TikTok, we’re bringing creativity, music, and tech straight to your screen. Subscribe and join the ride—because the future is bold, fun, and full of possibilities!

My TikTok Video Collection