mastodon.world is one of the many independent Mastodon servers you can use to participate in the fediverse.
#powershell

24 posts · 22 participants · 1 post today

Malvertising campaign leads to PS1Bot, a multi-stage malware framework

A malware campaign utilizing malvertising has been distributing PS1Bot, a sophisticated multi-stage framework implemented in PowerShell and C#. PS1Bot features modular design, enabling information theft, keylogging, reconnaissance, and persistent system access. The malware minimizes artifacts and uses in-memory execution techniques for stealth. Active since early 2025, PS1Bot's information stealer targets cryptocurrency wallets and employs wordlists to identify files containing passwords and seed phrases. The campaign overlaps with previously reported Skitnet activities and uses similar C2 infrastructure. Delivery involves compressed archives with obfuscated scripts, leading to PowerShell modules for antivirus detection, screen capture, data theft, keylogging, and system information collection. Persistence is established through startup directory manipulation.

Pulse ID: 689bb3c9004eca543a36d5fc
Pulse Link: otx.alienvault.com/pulse/689bb
Pulse Author: AlienVault
Created: 2025-08-12 21:36:09

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat Exchange · LevelBlue - Open Threat Exchange: Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

Phew! 🥳 This little #powershell gem saved my ass today when I tried to migrate a #Signal Desktop install to another Windows PC.
(Not a thing officially supported by @signalapp)

The database encryption key itself is device-specifically encrypted using the "Data Protection API" (haha) #DPAPI, so Signal can't decrypt it on the new machine.

Using a legacy parameter, you can put the unencrypted key on the old machine, transfer it to the new one and have it re-encrypted.

github.com/MatejKafka/PSSignal

From ClickFix to Command: A Full PowerShell Attack Chain

A targeted intrusion campaign impacting Israeli organizations has been identified, leveraging compromised internal email infrastructure to distribute phishing messages. The attack uses a multi-stage, PowerShell-based infection chain, culminating in the delivery of a remote access trojan (RAT). Key characteristics include a full PowerShell-based delivery chain, obfuscated payloads, evidence of lateral movement, and potential overlap with MuddyWater campaigns. The attack begins with phishing emails, progresses through a spoofed Microsoft Teams page, and uses social engineering to execute malicious PowerShell commands. The payload retrieves additional data, deploys a RAT, and establishes communication with a command and control server. The campaign demonstrates the effectiveness of living-off-the-land techniques, layered evasion, and adaptive C2 communication.

Pulse ID: 689a0c58a01e2faa99b998b7
Pulse Link: otx.alienvault.com/pulse/689a0
Pulse Author: AlienVault
Created: 2025-08-11 15:29:28

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


iX workshop: securing and hardening Windows Server

Learn how to effectively secure and harden your Windows Server, integrate protective measures, optimise configurations and assess attack scenarios.

heise.de/news/iX-Workshop-Wind

heise online · iX workshop: securing and hardening Windows Server, by Ilona Krause

Grrrr DevOps Pipeline... first major crash 😤
Microsoft warned us, but no one really noticed… 😅
They upgraded Az.Accounts from v4 to v5: Get-AzAccessToken now returns a SecureString instead of a plain string.
Legacy code broke in prod 💥
Lesson: never ignore hidden warnings.
Fix: use -AsPlainText or update token handling.

wiki.lli.be/index.php/Grrrr_De
#DevOps #Azure #PowerShell #crash

wiki.lli.be · Grrrr DevOps Pipeline... first major crash 😤 - wikili
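A version-tolerant way to cope with this breaking change, added here as an illustration (it is not code from the post, the wiki article or the Az.Accounts module); it assumes Az.Accounts is installed and Connect-AzAccount has already established a context:

```powershell
# Added example (not from the original post). Assumes the Az.Accounts module is
# installed and Connect-AzAccount has already established a context.
# Az.Accounts v5 changed Get-AzAccessToken so that .Token is a SecureString;
# v4 and earlier returned a plain [string]. This helper accepts both shapes and
# only materialises the plain-text token for as long as it takes to build an
# Authorization header, zeroing the unmanaged copy afterwards.
function Get-BearerHeader {
    [CmdletBinding()]
    param(
        [string]$ResourceUrl = 'https://management.azure.com/'
    )

    $tokenInfo = Get-AzAccessToken -ResourceUrl $ResourceUrl
    $token = $tokenInfo.Token

    if ($token -is [System.Security.SecureString]) {
        # v5+: decrypt into a BSTR, copy it out, then wipe and free the buffer.
        # Marshal is used rather than ConvertFrom-SecureString -AsPlainText so the
        # same code also runs on Windows PowerShell 5.1.
        $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($token)
        try {
            $plain = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
        }
        finally {
            [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
        }
    }
    else {
        # v4 and earlier: the token is already a plain string
        $plain = [string]$token
    }

    return @{ Authorization = "Bearer $plain" }
}

# Usage: hand the header to the REST call instead of passing the token around.
# $headers = Get-BearerHeader
# Invoke-RestMethod -Uri 'https://management.azure.com/subscriptions?api-version=2022-12-01' -Headers $headers
```

Because the helper never stores the decrypted token in a variable that outlives the call, scripts that previously logged or echoed `$token.Token` will surface the change in testing rather than in production.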

CoinMiner Attacks Exploiting GeoServer Vulnerability

A critical remote code execution vulnerability (CVE-2024-36401) in GeoServer has been actively exploited by threat actors to install CoinMiner malware. The attacks target both Windows and Linux environments with unpatched GeoServer installations. In South Korea, attackers exploited the vulnerability to execute PowerShell commands, installing NetCat for remote access and XMRig for cryptocurrency mining. The attack process involves downloading malicious scripts, terminating competing miners, and establishing persistence through Cron jobs. The threat actors use pool.supportxmr.com for mining Monero coins and can potentially perform additional malicious activities using the installed NetCat.

Pulse ID: 68962f0d60d5de6c3ecb055f
Pulse Link: otx.alienvault.com/pulse/68962
Pulse Author: AlienVault
Created: 2025-08-08 17:08:29

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Unveiling a New Variant of the DarkCloud Campaign

A new DarkCloud campaign was observed in July 2025, targeting Windows users with a sophisticated infection chain. The attack begins with a phishing email containing a RAR archive, which leads to the execution of obfuscated JavaScript and PowerShell code. This code downloads and deploys a fileless .NET DLL, which in turn downloads and injects the DarkCloud payload into a legitimate Windows process. The DarkCloud variant, written in Visual Basic 6, employs anti-analysis techniques and collects sensitive information from various sources, including web browsers, email clients, and FTP clients. The stolen data is exfiltrated via SMTP. The campaign demonstrates advanced evasion techniques and targets a wide range of user credentials and personal information.

Pulse ID: 689603fb45b4df2572916578
Pulse Link: otx.alienvault.com/pulse/68960
Pulse Author: AlienVault
Created: 2025-08-08 14:04:43

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Explaining things to a #powershell newbie is exhausting, in part because of Microsoft. There are THREE (possibly four) versions of PowerShell that you can get caught up in - there's Windows PowerShell, PowerShell (pwsh), Isolated PowerShell via VSCode, and (I think) Isolated Windows PowerShell via VS Code when you open Isolated PowerShell via VSCode and type "powershell" and press enter. All of these use different profile files, and have various degrees of settings drift as well as their own bugs and quirks. #pwsh #stopthemadness #Microsoft

PowerShell Weekly for August 8, 2025

programming.dev/post/35307957

programming.dev · PowerShell Weekly for August 8, 2025 - programming.dev

Announcements!
- Introducing MCP Support in AI Shell Preview 6 [https://devblogs.microsoft.com/powershell/preview-6-ai-shell/] We're excited to share the latest preview release of AI Shell that includes new features and improvements based on your feedback.

Blogs, Articles, and Posts
- How Microsoft Graph PowerShell SDK Access Tokens Work [https://office365itpros.com/2025/08/04/access-token-graph-sdk/] If you use the Microsoft Graph PowerShell SDK, you don't need to worry about obtaining an access token because SDK cmdlets include automatic token management. Although you don't need to know the details of the access token used in an SDK session, it's possible to find and examine its contents, and even use the token with a Graph request. It's a nice-to-know thing that you'll never need in practice.
- PowerShell Find All Files With Extension [https://www.spguides.com/powershell-find-all-files-with-extension/] Ever found yourself needing to quickly list every .pdf or .xlsx file scattered across hundreds of folders on your Windows laptop? PowerShell helps find every file with a particular extension, no matter where it's hiding. In this tutorial, I will explain how to find all files with extensions using PowerShell with examples.
- Investigating Document Exfiltration with the Graph Activity Log [https://practical365.com/investigating-document-exfiltration-with-the-graph-activity-log/] In this installment of our Graph Activity Log series, we'll provide a practical playbook for using the Graph Activity Log and Kusto Query Language (KQL) to hunt for indicators of document exfiltration.
- Linking all required resources to Nerdio via PSNerdio [https://www.nielskok.tech/nerdio/linking-all-required-resources-to-nerdio-via-psnerdio/] Second part of the series! This part is about linking all required resources to Nerdio via PSNerdio. So, in the previous part of this series I mentioned that the PowerShell module created by Nerdio needs some love. I wanted to link my resource groups to Nerdio and that cmdlet was not working.
- Exploring the PowerShell Gallery using PSGalleryExplorer [https://powershellisfun.com/2025/08/01/exploring-the-powershell-gallery-using-psgalleryexplorer/] The PowerShell Gallery is the primary source for downloading most of your modules. You can search and find information about them using the website or… by using the PSGalleryExplorer module from Jake Morison :) In this blog post, I will show you how to use it.
- Timing Scripts [https://claytonerrington.com/blog/timing-scripts/] How to manage time effectively in scripts

Projects, Scripts, and Modules
- GenXdev.Queries v 1.236.2025 [https://github.com/genXdev/GenXdev.Queries] A Windows PowerShell module for finding resources and information on the internet
- PowerShellWeb Turtle [https://github.com/PowerShellWeb/Turtle] I implemented Turtle in #PowerShell, so now we can draw shapes and fractals in PowerShell.

Books, Media, and Learning Resources
- LAPS Password Not Stored in Intune [https://www.youtube.com/watch?v=5Hp31WUxyA0] Generate Missing LAPS Password Report

Community
- From EntraAuth to PSConfEU with Fred Weinmann [https://powershellpodcast.podbean.com/e/from-entraauth-to-psconfeu-with-fred-weinmann/] In this episode of the PowerShell Podcast, host Andrew Pla reunites with PowerShell legend Fred, diving deep into productivity with hotkeys and key bindings, EntraAuth, C# integration, and community reflections from PowerShell Conference EU. Fred shares practical advice for improving your daily workflow, how to extend PowerShell with C#, and why participation in the community, whether through conferences or contributing modules, can be a game-changer for your career.

Events
- Watch Live: Visual Studio Toolbox at VS LIVE! Redmond 2025 [https://devblogs.microsoft.com/visualstudio/watch-live-visual-studio-toolbox-at-vs-live-redmond-2025/] On Tuesday, August 5, join us for a special edition of Visual Studio Toolbox Live, broadcast from VS LIVE!
- PowerShell + DevOps Global Summit 2026 Call for Proposals (CFP) [https://sessionize.com/pshsummit26] We are thrilled to invite you to submit your session proposals for the 2026 PowerShell + DevOps Global Summit, taking place in Bellevue, WA, from April 13-16, 2026. This Summit is the premier event for PowerShell and DevOps professionals, offering a unique opportunity to share knowledge, solve problems, socialize, and network with peers. Whether you're an Automater, Integrator, Problem-Solver, Tinkerer, Scripter, or Tech Wizard, this event is for you!

Check out psweekly.dowst.dev [https://psweekly.dowst.dev/] for all past editions as well as a searchable archive.

New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer

Unit 42 researchers have observed changes in the distribution and obfuscation techniques of DarkCloud Stealer. The new infection chain, first seen in April 2025, involves ConfuserEx obfuscation and a final payload written in Visual Basic 6. The attack begins with a phishing email containing an archive file, which leads to the download and execution of a PowerShell script. This script then drops an executable protected by ConfuserEx, which ultimately injects the DarkCloud Stealer payload into a legitimate process. The malware employs various anti-analysis techniques, including encryption and obfuscation of strings. These changes highlight the evolving evasion strategies of cybercriminals and underscore the need for advanced, behavior-based threat detection approaches.

Pulse ID: 6895aeaa72538302a5d75512
Pulse Link: otx.alienvault.com/pulse/6895a
Pulse Author: AlienVault
Created: 2025-08-08 08:00:42

Be advised, this data is unverified and should be considered preliminary. Always do further verification.
