What capability does PowerShell provide to attackers regarding code injection?

Prepare for the Certiport CyberSecurity Certification Exam. Use our comprehensive quiz with multiple choice questions, each with hints and explanations. Boost your chances of passing and become a certified cybersecurity professional now!

PowerShell is a powerful scripting language and command-line shell that provides attackers the capability to perform code injection into processes without the need for disk storage. This allows malicious payloads to be executed directly in memory, which can evade traditional file-based defenses such as antivirus software that scans for malicious files on disk.

By injecting code into a running process, attackers can execute malicious commands and scripts without leaving a trace on the file system. This technique is often used to bypass security measures because there are no files to detect on disk, making it more challenging for security systems to uncover the attack. This memory-based execution can also facilitate more advanced attacks, such as establishing persistence or lateral movement within a network, as it often exploits legitimate system processes to disguise malicious activity.

The other options do not accurately describe the capability PowerShell provides for code injection. Allowing code execution from RAM only, for example, does not capture the broader functionality involved in injection techniques. Preventing malware from being stored on hard drives and encrypting malicious code before execution do not match the core functionality of code injection through PowerShell.
