#powershell

38 posts · 27 participants · 0 posts today

(trendmicro.com) A Deep Dive into Water Gamayun's Arsenal and Infrastructure trendmicro.com/en_us/research/

Executive Summary:
This research provides a comprehensive analysis of Water Gamayun (also known as EncryptHub and Larva-208), a suspected Russian threat actor exploiting the MSC EvilTwin zero-day vulnerability (CVE-2025-26633) in Microsoft Management Console. The threat actor employs sophisticated delivery methods including malicious provisioning packages, signed MSI files, and Windows MSC files to deploy multiple custom payloads. Their arsenal includes custom backdoors (SilentPrism and DarkWisp), multiple variants of the EncryptHub Stealer, and known malware like Stealc and Rhadamanthys. The research details the C&C infrastructure, data exfiltration techniques, and persistence mechanisms used by the group. Trend Micro researchers gained access to the C&C server components, enabling them to analyze the architecture, functionality, and evasion techniques employed by the threat actor.

Trend Micro · A Deep Dive into Water Gamayun's Arsenal and Infrastructure
Trend Research discusses the delivery methods, custom payloads, and techniques used by Water Gamayun, the suspected Russian threat actor abusing a zero-day vulnerability in the Microsoft Management Console framework (CVE-2025-26633) to execute malicious code on infected machines.

Creating a signed TLS certificate with OpenSSL and PowerShell

Most likely, if you did not find this article through a search, you will hardly like it. It covers the solution to a specific task for specific needs. Hello, Habr and readers! In my previous article about writing a PowerShell script to track certificate expiration dates, I mentioned that, because of the nature of my current work, I very often have to deploy various services. Practically all modern services require security certificates to exchange data. In this tutorial article I will describe how to create a PowerShell script that lets you create (and simplifies creating) subject certificates for services, signed by a higher-level root certificate, and that also packages the keys into .pfx format and builds a .pem chain. The article is written as a detailed tutorial so that it covers as wide an audience as possible (and it is a varied one), and is mainly aimed at those who will be doing this for the first time and are still only slightly familiar with OpenSSL and PowerShell. A concrete demonstration of the script is shown at the very end of the article as a GIF, and there (at the end) I have also shared the full script. Shall we start figuring it out? Let's get down to business.

habr.com/ru/articles/891416/

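As an added example (not the Habr author's script, which is shared at the end of that article), this is the shape such a script takes: OpenSSL driven from PowerShell to create a key and CSR, sign it with an existing root CA, package a .pfx and build a .pem chain. It assumes openssl is on PATH and that the root CA certificate and key exist at the default paths; the hostname is a constructed sample.

```powershell
# Added example, not the Habr article's script: issue a leaf TLS certificate signed by an existing
# root CA with OpenSSL driven from PowerShell, then package a .pfx and a .pem chain.
# Assumptions: openssl is on PATH; the root CA cert and key exist at the default paths below.
param(
    [Parameter(Mandatory)] [string] $CommonName,        # e.g. svc01.example.internal (constructed)
    [string[]] $DnsNames = @($CommonName),               # SAN entries; modern clients ignore the CN alone
    [string]   $RootCert = '.\rootCA.crt',               # assumed path to the signing CA certificate
    [string]   $RootKey  = '.\rootCA.key',               # assumed path to the CA private key
    [int]      $Days     = 397,                          # short lifetime; rotate rather than issue 10-year certs
    [string]   $OutDir   = ".\out\$CommonName"
)
$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
# 1. Fresh private key for the service; the CA key is only used to sign and never leaves its location
$key = Join-Path $OutDir "$CommonName.key"
& openssl genrsa -out $key 2048
if ($LASTEXITCODE) { throw 'openssl genrsa failed' }
# 2. Per-run OpenSSL config: SANs plus extensions that mark this as a non-CA server certificate
$sanList = ($DnsNames | ForEach-Object { "DNS:$_" }) -join ','
$cnf = Join-Path $OutDir 'leaf.cnf'
@"
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $CommonName
[ext]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = $sanList
"@ | Set-Content -Path $cnf -Encoding ascii

# 3. CSR, then sign it with the root CA; -extensions ext applies the leaf constraints from the config
$csr = Join-Path $OutDir "$CommonName.csr"
$crt = Join-Path $OutDir "$CommonName.crt"
& openssl req -new -key $key -out $csr -config $cnf
& openssl x509 -req -in $csr -CA $RootCert -CAkey $RootKey -CAcreateserial `
    -out $crt -days $Days -sha256 -extfile $cnf -extensions ext
if ($LASTEXITCODE) { throw 'openssl x509 signing failed' }

# 4. Package: .pfx (key + leaf + CA) for Windows/IIS and a .pem chain (leaf first, then CA) for
#    nginx-style services. The PFX password goes through an env var, not the visible command line.
$env:PFX_PASS = [System.Net.NetworkCredential]::new('', (Read-Host -AsSecureString 'PFX password')).Password
& openssl pkcs12 -export -inkey $key -in $crt -certfile $RootCert `
    -out (Join-Path $OutDir "$CommonName.pfx") -passout env:PFX_PASS
Remove-Item Env:\PFX_PASS
Get-Content $crt, $RootCert | Set-Content -Path (Join-Path $OutDir "$CommonName.chain.pem") -Encoding ascii
# 5. Verify the leaf chains to the root before handing it to a service
& openssl verify -CAfile $RootCert $crt
```

Run it as `.\New-ServiceCert.ps1 -CommonName svc01.example.internal -DnsNames svc01.example.internal,svc01` and check the `openssl verify` line prints `OK` before deploying the output.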

PowerShell Weekly for March 28, 2025

programming.dev/post/27668001

programming.dev · PowerShell Weekly for March 28, 2025

## Announcements!
- Docker images containing PowerShell now maintained by the .NET team [https://github.com/PowerShell/Announcements/issues/75] For years, the PowerShell team has maintained official PowerShell Docker images. Moving forward, we are using the Docker images produced by the .NET team.

## Blogs, Articles, and Posts
- Install IIS and PHP 8.x on Windows 11 and Server 2025 (Core) [https://4sysops.com/archives/install-iis-and-php-8x-on-windows-11-and-server-2025-core/] PHP is still available on Windows despite Microsoft no longer providing support for version 8.x. It can be integrated as a script engine into Internet Information Services (IIS), either through the graphical IIS Manager or via PowerShell, which is especially useful for Server Core installations.
- Using Windows Terminal Chat with GitHub Copilot [https://4sysops.com/archives/using-windows-terminal-chat-with-github-copilot/] Terminal Chat enables the integration of GitHub Copilot, Azure OpenAI, and OpenAI’s AI services into Windows Terminal Canary. Through this experimental feature, you can request assistance from an AI for your PowerShell commands and directly execute the AI’s recommendations in the terminal.
- AI-powered administration in the terminal without cutoff date using OpenAI GPT-4o Search in PowerShell and Warp [https://4sysops.com/archives/ai-powered-administration-in-the-terminal-without-cutoff-date-using-openai-gpt-4o-search-in-powershell-and-warp/] The GPT-4o Search model offers search engine functionality similar to ChatGPT Search or Perplexity when accessed via the OpenAI API. With the free OpenAI Python Library, you can enhance your terminal AI by adding online search features, overcoming the limitations of LLM cutoff dates, and eliminating the frustration of outdated instructions.
- Artificial Intelligence, PowerShell, and Microsoft 365 Administration [https://office365itpros.com/2025/03/27/artificial-intelligence-and-powershell/?utm_source=rss&utm_medium=rss&utm_campaign=artificial-intelligence-and-powershell] Artificial Intelligence and PowerShell should be a good thing to help hard-pressed Microsoft 365 tenant administrators cope with common tasks. The early signs are there with Copilot in the Microsoft 365 admin center. However, the current state of the art depends on what’s gone before and can’t handle the kind of complex automation that tenants sometimes need, like generating a licensing report from Entra ID, product information, and license costs.
- Launching Start Menu apps using PowerShell [https://powershellisfun.com/2025/03/21/launching-start-menu-apps-using-powershell/] Sometimes, you want to run a few applications as a different (Admin) user on your system. Usually, I do that by (Shift) Right-clicking applications, etc… In this small blog post, I will show you a simple way to start multiple applications using PowerShell, making life somewhat easier ;-)
- Identify and Block Sign-in for Shared Mailboxes in Microsoft 365 [https://o365reports.com/2025/03/25/identify-and-block-sign-in-to-shared-mailbox-using-powershell/?utm_source=rss&utm_medium=rss&utm_campaign=identify-and-block-sign-in-to-shared-mailbox-using-powershell] Shared and resource mailboxes in Microsoft 365 are designed for collaboration, not for direct sign-ins. However, if sign-in remains enabled, attackers could exploit these accounts to bypass security policies, send unauthorized emails, or access confidential data—posing a serious compliance and security risk.
- New MiToken Graph PowerShell module for multi-tenant apps [https://ourcloudnetwork.com/new-mitoken-graph-powershell-module-for-multi-tenant-apps/?utm_source=rss&utm_medium=rss&utm_campaign=new-mitoken-graph-powershell-module-for-multi-tenant-apps] Connect to multi-tenant apps using a managed identity using Microsoft Graph PowerShell with the MiToken PowerShell module.
- Human Readable File Sizes in PowerShell [https://claytonerrington.com/blog/human-readable-file-sizes-in-power-shell/] Simple way to humanize a file size in PowerShell.

## Projects, Scripts, and Modules
- PSScriptTools v3.0.0 [https://github.com/jdhitsolutions/PSScriptTools/releases/tag/v3.0.0] A set of PowerShell functions you might use to enhance your own functions and scripts or to facilitate working in the console. Most should work in both Windows PowerShell and PowerShell 7, even cross-platform.
- AiLogging v2.0.5 [https://www.powershellgallery.com/Packages/AiLogging/2.0.5] Helper module for PowerShell developers that allows easy logging of script activity to Azure Application Insights.

## Books, Media, and Learning Resources
- PowerShell 20 Basic Commands and Their Uses - Izoate Tech [https://www.izoate.tech/blog/powershell-20-basic-commands-and-their-uses/] Learn the 20 basic PowerShell commands for beginners to manage files, processes, and system tasks efficiently with this easy-to-follow guide.
- Automating Excel with PowerShell: Practical Tips from a Microsoft MVP [https://www.youtube.com/watch?v=zW9lsqrDCOc] Doug Finke, a 16-time Microsoft MVP and author of “PowerShell for Developers”, demonstrates how to streamline Excel report creation using his widely popular PowerShell module, ImportExcel, with over 11 million downloads. Doug shares straightforward methods for automating Excel tasks—from formatting and filtering data, to generating conditional formats, pivot tables, and charts—saving you valuable time and effort. You’ll also get practical examples for combining data from multiple sources, quickly reorganizing spreadsheets, and troubleshooting common Excel automation challenges.

## Community
- How to Build an IT Career from the Ground Up with Kevin Apolinario (KevTech) [https://powershellpodcast.podbean.com/e/how-to-build-an-it-career-from-the-ground-up-with-kevin-apolinario-kevtech/] In this episode of the PowerShell Podcast, we welcome Kevin of KevTech IT Support, a well-known mentor and educator in the IT community. With a background in fast food and law enforcement, Kevin shares his inspiring journey into IT and how he leveraged mentorship, home labs, and community engagement to build a thriving career. We dive into help desk fundamentals, breaking into IT, career development, and Kevin helps give you a map to career success. Key topics in this episode include:

## Events
- PowerShell + DevOps Global Summit 2025 [https://www.powershellsummit.org/] April 7-10, 2025, Bellevue, WA

Hey Mastodon, question for my #sysadmin and #DevOps types. Has anyone used #Pester and #PSScriptAnalyzer to set up unit testing for test driven development, particularly on (relatively) simple #PowerShell scripts like you might use for application detection, installation, and uninstallation from a system like #SCCM #Intune or #ManageEngine ?

Apologies for the buzzword bingo, but I’m trying to reach folks who may be following the hashtags, but not necessarily have a connection otherwise.
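An added example of the pattern the question asks about, not posted by anyone in the thread: a detection script whose logic lives in functions, guarded so Pester can dot-source it without triggering the exit code, plus Pester 5 tests that mock the registry lookup. It assumes Pester 5 and PSScriptAnalyzer are installed; the application name, file names and version numbers are constructed.

```powershell
# ---- Detect-App.ps1 : what Intune/SCCM would run (output + exit 0 = detected) ----
function Get-InstalledApp {
    # Thin wrapper around the Uninstall keys so tests can Mock it instead of the real registry
    $paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object DisplayName | Select-Object DisplayName, DisplayVersion
}

function Test-AppInstalled {
    param([Parameter(Mandatory)][string]$Name, [version]$MinimumVersion = '0.0')
    $app = Get-InstalledApp | Where-Object DisplayName -eq $Name | Select-Object -First 1
    if (-not $app) { return $false }
    $v = $null
    # An unparsable DisplayVersion counts as not compliant rather than throwing inside a detection rule
    if (-not [version]::TryParse([string]$app.DisplayVersion, [ref]$v)) { return $false }
    return $v -ge $MinimumVersion
}

# Entry point runs only when the script is executed directly; dot-sourcing from Pester skips it
if ($MyInvocation.InvocationName -ne '.') {
    if (Test-AppInstalled -Name 'Contoso Agent' -MinimumVersion '2.4.0') { 'Detected'; exit 0 }
    exit 1
}

# ---- Detect-App.Tests.ps1 (Pester 5); run with Invoke-Pester ----
BeforeAll { . "$PSScriptRoot\Detect-App.ps1" }

Describe 'Test-AppInstalled' {
    It 'detects a compliant install' {
        Mock Get-InstalledApp { [pscustomobject]@{ DisplayName = 'Contoso Agent'; DisplayVersion = '2.4.1' } }
        Test-AppInstalled -Name 'Contoso Agent' -MinimumVersion '2.4.0' | Should -BeTrue
    }
    It 'rejects an outdated install' {
        Mock Get-InstalledApp { [pscustomobject]@{ DisplayName = 'Contoso Agent'; DisplayVersion = '2.3.9' } }
        Test-AppInstalled -Name 'Contoso Agent' -MinimumVersion '2.4.0' | Should -BeFalse
    }
    It 'rejects a missing app or a garbage version string' {
        Mock Get-InstalledApp { [pscustomobject]@{ DisplayName = 'Contoso Agent'; DisplayVersion = 'n/a' } }
        Test-AppInstalled -Name 'Contoso Agent' | Should -BeFalse
        Mock Get-InstalledApp { @() }
        Test-AppInstalled -Name 'Contoso Agent' | Should -BeFalse
    }
}
# CI lint gate alongside the tests: Invoke-ScriptAnalyzer -Path .\Detect-App.ps1 -Severity Warning, Error
```

The same split (testable functions, guarded entry point) works for install and uninstall scripts, with the external installer call wrapped in its own function so the tests can mock it too.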

(talosintelligence.com) Gamaredon APT Targets Ukraine with Remcos Backdoor Using War-Themed Lures blog.talosintelligence.com/gam

Cisco Talos is tracking a campaign targeting Ukrainian users with malicious LNK files that deliver the Remcos backdoor. The campaign, attributed with medium confidence to the Gamaredon APT group, uses Russian-language lures related to troop movements in Ukraine. The attack chain involves LNK files that execute PowerShell code to download a ZIP file containing the Remcos backdoor, which is then executed through DLL side-loading techniques. The attackers use geo-fenced servers in Russia and Germany that restrict access to Ukrainian IP addresses. This represents a continuation of Gamaredon's targeting of Ukrainian entities, though their use of the commercial Remcos backdoor marks a shift from their typical custom tooling.

Cisco Talos Blog · Gamaredon campaign abuses LNK files to distribute Remcos backdoor
Cisco Talos is actively tracking an ongoing campaign, targeting users in Ukraine with malicious LNK files which run a PowerShell downloader since at least November 2024.

PowerChell is a very cool tool by @itm4n to bypass PowerShell security measures like AMSI, Script Block & Module Logging using ETW, Transcription, Execution Policy and Constrained Language Mode! Nothing fancy and new, but everything in a single unmanaged binary!

- Blog: blog.scrt.ch/2025/02/18/reinve
- GitHub: github.com/scrt/PowerChell

This made my job much easier in my latest pentest. So, THX!

blog.scrt.ch · Reinventing PowerShell in C/C++ – SCRT Team Blog