Docs: Reword PowerShell exploiter documentation

docs/content/reference/exploiters/PowerShell.md

@@ -7,40 +7,49 @@ tags: ["exploit", "windows"]
 
 ### Description
 
-his exploiter uses brute-force to propagate to a victim through PowerShell
+This exploiter uses brute-force to propagate to a victim through PowerShell
 Remoting using Windows Remote Management (WinRM).
 
-More on [PowerShell Remoting
-Protocol]("https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/winrmsecurity?view=powershell-7.1")
+See Microsoft's documentation for more on [PowerShell Remoting
+Protocol](https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/winrmsecurity?view=powershell-7.1)
 and [Windows Remote
-Management]("https://docs.microsoft.com/en-us/windows/win32/winrm/portal").
+Management](https://docs.microsoft.com/en-us/windows/win32/winrm/portal).
 
-### Implementation
 
-The exploit brute forces the credentials of PSRP with every possible
-combination of username and password that the user provides (see
-["configuration"]({{< ref "/usage/configuration" >}})).
+##### Credentials used
 
-#### Credentials list
+The PowerShell exploiter can be run from both Linux and Windows attackers. On
+Windows attackers, the exploiter has the ability to use the cached username
+and/or password from the current user. On both Linux and Windows attackers, the
+exploiter uses all combinations of the [user-configured usernames and
+passwords]({{< ref "/usage/configuration/basic-credentials" >}}). Different
+combinations of credentials are attempted in the following order:
 
-The PowerShell Remoting Client has ability to use the cached username or/and
-password from the system we are currently logged in. This means that the
-exploiter uses the following combination of credentials to propagate to the
-victim in the order written:
-
-1. Cached username and password; meaning that the client we use is going to
-   take the stored credentials from the system we are using to connect. In
-   order for the user to connect without entering username and password the
-   victim must have enabled basic authentication, http and no encryption on the
+1. **Cached username and password (Windows attacker only)** - The exploiter will
+   use the stored credentials of the current user to attempt to log into the
    victim machine.
 
-2. Cached password; brute-force with different usernames and stored password.
+1. **Brute force usernames with blank passwords** - Windows allows you to
+   configure a user with a blank/empty password. The exploiter will attempt to
+   log into the victim machine using each username set in the
+   [configuration]({{< ref "/usage/configuration/basic-credentials" >}}) with a
+   blank password.
 
-3. List of usernames and passwords set in the configuration.
+   In order for the attacker to connect with a blank password, the victim must
+   have enabled basic authentication, http and no encryption.
+
+1. **Brute force usernames with cached password (Windows attacker only)** - The
+   exploiter will attempt to log into the victim machine using each username
+   set in the [configuration]({{< ref "/usage/configuration/basic-credentials"
+   >}}) and the current user's cached password.
+
+1. **Brute force usernames and passwords** - The exploiter will attempt to use
+   all combinations of usernames and passwords that were set in the
+   [configuration.]({{< ref "/usage/configuration/basic-credentials" >}})
 
 
-#### Security considerations
+#### Securing PowerShell Remoting
 
-The security concerns, recommendations and best practices when using PowerShell
+Information about how to remediate security concerns related to PowerShell
 Remoting can be found
 [here](https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/winrmsecurity?view=powershell-7.1).