#powershell (on #linux!) stuff today... i'm gonna need more #coffee
(trendmicro.com) A Deep Dive into Water Gamayun's Arsenal and Infrastructure https://www.trendmicro.com/en_us/research/25/c/deep-dive-into-water-gamayun.html
Executive Summary:
This research provides a comprehensive analysis of Water Gamayun (also known as EncryptHub and Larva-208), a suspected Russian threat actor exploiting the MSC EvilTwin zero-day vulnerability (CVE-2025-26633) in Microsoft Management Console. The threat actor employs sophisticated delivery methods including malicious provisioning packages, signed MSI files, and Windows MSC files to deploy multiple custom payloads. Their arsenal includes custom backdoors (SilentPrism and DarkWisp), multiple variants of the EncryptHub Stealer, and known malware like Stealc and Rhadamanthys. The research details the C&C infrastructure, data exfiltration techniques, and persistence mechanisms used by the group. Trend Micro researchers gained access to the C&C server components, enabling them to analyze the architecture, functionality, and evasion techniques employed by the threat actor.
New MiToken Graph PowerShell module for multi-tenant apps http://dlvr.it/TJpr1d via PlanetPowerShell #MiToken #PowerShell #MicrosoftGraph #CloudComputing
@ajn142 i am adding a #powershell tag.
i've had great help with pester in the "testing" channel of powershell.slack.com (they have that bridged to another service as well, but i don't know which one)
Creating a signed TLS certificate with OpenSSL and PowerShell
Most likely, if you did not find this article through a search, you will hardly like it. It covers the solution to a specific task for specific needs. Hello, Habr and readers! In my previous article on writing a PowerShell script for tracking certificate expiration dates, I mentioned that, because of the nature of my current work, I very often have to deploy various services. Practically all modern services require security certificates for exchanging data. In this tutorial article I will explain how to create a PowerShell script that makes it possible (and easier) to create subject certificates for services, signed by a higher-level root certificate, and that will also package the keys in .pfx format and create a .pem chain. The article is written as a detailed tutorial in order to reach as wide an audience as possible (and it is a varied one), and is aimed mainly at those who will be doing this for the first time and are still only slightly familiar with OpenSSL and PowerShell. A concrete demonstration of the script in action is shown at the very end of the article as a GIF, and there (at the end) I have also shared the full script. Shall we start figuring it out? Let's get to work.
Learn about MS Graph API attacks and defense mechanisms in this comprehensive lecture. Miriam Wiesner, Security expert from Microsoft shares insights on querying, authentication, and proactive security measures. #PowerShell #PSConfEU
Echoes of Intrusion: Demystify...
Hey Mastodon, question for my #sysadmin and #DevOps types. Has anyone used #Pester and #PSScriptAnalyzer to set up unit testing for test driven development, particularly on (relatively) simple #PowerShell scripts like you might use for application detection, installation, and uninstallation from a system like #SCCM #Intune or #ManageEngine ?
Apologies for the buzzword bingo, but I’m trying to reach folks who may be following the hashtags, but not necessarily have a connection otherwise.
(talosintelligence.com) Gamaredon APT Targets Ukraine with Remcos Backdoor Using War-Themed Lures https://blog.talosintelligence.com/gamaredon-campaign-distribute-remcos/
Cisco Talos is tracking a campaign targeting Ukrainian users with malicious LNK files that deliver the Remcos backdoor. The campaign, attributed with medium confidence to the Gamaredon APT group, uses Russian-language lures related to troop movements in Ukraine. The attack chain involves LNK files that execute PowerShell code to download a ZIP file containing the Remcos backdoor, which is then executed through DLL side-loading techniques. The attackers use geo-fenced servers in Russia and Germany that restrict access to Ukrainian IP addresses. This represents a continuation of Gamaredon's targeting of Ukrainian entities, though their use of the commercial Remcos backdoor marks a shift from their typical custom tooling.
Steven Bucher, PM on the #PowerShell Team @microsoft.com will be on stage for #PSConfEU 2025 in #Malmö (23-26 June)!
Mastering AI Shell and dive into AI Operations
SSH and SSH Arc: What's new and next.
State of the Shell
psconf.eu
#Skåne #Svenska #Sweden
I've published a major update to the PSScriptTools module. https://github.com/jdhitsolutions/PSScriptTools #PowerShell
Understanding the Clean block in PowerShell http://dlvr.it/TJnjQ7 via PlanetPowerShell #PowerShell #Scripting #CleanBlock #Automation
@palmemanuel.bsky.social will be on stage for #PSConfEU 2025 in #Malmö (23-26 June)!
Building robust CI/CD pipelines with GitHub Apps and custom automation
Tickets and full schedule available at psconf.eu
#PowerShell #Skåne #Svenska #Sweden #IT
How to install PowerShell 7 and essential tools on Windows 11 http://dlvr.it/TJnNL9 via PlanetPowerShell #PowerShell #Windows11 #DevOps #Coding
How to install PowerShell 7 and essential tools on Linux http://dlvr.it/TJn5Rw via PlanetPowerShell #PowerShell #Linux #Ubuntu #DevOps
Find paired Azure region locations with Azure PowerShell http://dlvr.it/TJmzfj via PlanetPowerShell #Azure #PowerShell #CloudComputing #CloudStorage
Meet the #PSConfEU Organisers
@ba.4bes.nl is a member of the organising team! Meet her at the #PowerShell Conference Europe 2025 in #Malmö.
Tickets available here: psconf.eu
#IT #Skåne #Svenska #Sweden #automation
Heads up if you use #PowerShell #Docker images. You'll want to change your dockerfile or devcontainer.json to use mcr.microsoft.com/dotnet/sdk instead of mcr.microsoft.com/powershell going forward. #pwsh
PowerChell is a very cool tool by @itm4n to bypass PowerShell security measures like AMSI, Script Block & Module Logging using ETW, Transcription, Execution Policy and Constrained Language Mode! Nothing fancy and new, but everything in a single unmanaged binary!
- Blog: https://blog.scrt.ch/2025/02/18/reinventing-powershell-in-c-c/
- GitHub: https://github.com/scrt/PowerChell
This made my job much easier in my latest pentest. So, THX!
RunAs Radio Episode #977 - Writing Better PowerShell with Jeff Hicks and host Richard Campbell.
runasradio.com/Shows/Show/977
#podcast #powershell #techpodcast #commandline #terminal #scripting
Writing Better PowerShell with...