CMD and PowerShell Control
Fileless (bodiless) attacks rest on a simple idea: if the device already has tools capable of performing the attacker's tasks (for example, PowerShell.exe or wmic.exe), why place dedicated programs on it that could be recognised as malicious? If an attacker can take control of a process, run their code in that process's memory space and use it to invoke tools that are already on the device, the attack becomes much harder to detect.
Alongside the unique Zero Trust technology, use whitelisting to control files, applications, scripts and macros. For applications the user should not have access to, such as the command line cmd.exe, PowerShell, wmic.exe or ftp.exe, it is enough to prohibit their launch for specific users, workstations (AWPs), user groups or workstation groups, while operational scripts only need to be whitelisted.
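The launch-control rule described above, as an added illustration that is not the product's own code: a small evaluator that denies the built-in tools to specific users, user groups, workstations (AWPs) or AWP groups, while letting whitelisted operational scripts run under those interpreters. The policy, user, group and host names are constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field

# Built-in tools the text says should be blocked for users who have no need of them.
CONTROLLED_TOOLS = {"cmd.exe", "powershell.exe", "wmic.exe", "ftp.exe"}

@dataclass
class Policy:
    # deny[kind]: users / user groups / workstations (AWPs) / AWP groups barred from the tools.
    deny: dict = field(default_factory=dict)
    # Whitelisted operational scripts, identified by SHA-256 of their content.
    allowed_script_hashes: set = field(default_factory=set)
@dataclass
class LaunchEvent:
    user: str
    user_groups: set
    host: str
    host_groups: set
    image: str            # executable being started, e.g. "powershell.exe"
    script: bytes = b""   # script handed to the interpreter, if any
def script_hash(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()
def evaluate(policy: Policy, ev: LaunchEvent) -> tuple:
    # Returns ("allow" | "deny", reason) for one process-launch event.
    image = ev.image.lower()
    if image not in CONTROLLED_TOOLS:
        return "allow", "not a controlled tool"
    # A whitelisted script may run under the interpreter even for a denied subject.
    if ev.script and script_hash(ev.script) in policy.allowed_script_hashes:
        return "allow", "whitelisted script"
    subjects = {"user": {ev.user}, "user_group": ev.user_groups,
                "awp": {ev.host}, "awp_group": ev.host_groups}
    for kind, names in subjects.items():
        hit = names & policy.deny.get(kind, set())
        if hit:
            return "deny", f"{image} denied for {kind} {sorted(hit)[0]}"
    return "allow", "no deny rule matched"
# Constructed sample policy and events; all names are hypothetical.
BACKUP_SCRIPT = b"Compress-Archive -Path C:\\Data -DestinationPath D:\\backup.zip\n"
POLICY = Policy(deny={"user_group": {"Accounting"}, "awp_group": {"Kiosks"}},
                allowed_script_hashes={script_hash(BACKUP_SCRIPT)})
def demo() -> list:
    events = [
        LaunchEvent("alice", {"Accounting"}, "ws-17", {"Office"}, "cmd.exe"),
        LaunchEvent("alice", {"Accounting"}, "ws-17", {"Office"}, "powershell.exe", BACKUP_SCRIPT),
        LaunchEvent("bob", {"IT"}, "kiosk-3", {"Kiosks"}, "wmic.exe"),
        LaunchEvent("bob", {"IT"}, "ws-02", {"Office"}, "powershell.exe", b"Get-Process\n"),
        LaunchEvent("alice", {"Accounting"}, "ws-17", {"Office"}, "winword.exe"),
    ]
    return [evaluate(POLICY, ev)[0] for ev in events]
```

`demo()` yields deny, allow, deny, allow, allow: the accounting user is blocked from cmd.exe but may run the whitelisted backup script under PowerShell, the kiosk group is blocked from wmic.exe, and an unlisted user on an unlisted workstation is not affected.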