Never underestimate a properly caffeinated user and a little PowerShell knowledge ☕🔑😆

Day 99💃 Network Forensics Lab where I reconstructed a BlueSky ransomware attack by analyzing network traffic, decoding PowerShell scripts, and examining persistence mechanisms to identify attacker tactics & IOCs. Almost ran the malware file on my laptop😭#100DaysOfCyberSecurity

If you're looking for ideas for a useful (and maybe a little fancy) PowerShell profile, feel free to copy any or all of mine! It is now on my public PowerShell repository on GitHub. 🧑‍💻 https://t.co/Vo78zgGcYN

While investigating NTUSER.DAT and SYSTEM registry hives, I uncovered malware persistence via obfuscated PowerShell in Run keys and a fake svchost.exe scheduled as a hidden task. YARA signatures identified the payload as a variant of AresLoader.

Normally I use patch_review.py for my monthly reporting on patch Tuesday patches. @KevTheHermit did an amazing job with it. But since I'm more of a PowerShell guy, I finally came around and moved the codebase to ps1. If you like #PowerShell feel free: https://t.co/nzJ0eP2ayC

ويندوز 10 بينتهي 😱😱😱😱 المهم 1- موقع https://t.co/zkJek0bP2X و انسخ 2- كلك يمين على زر الويندوز بشريط المهام ثم Powershell Admin، كلك يمين للصق الرابط ثم تطلع صفحة cmd (لاتخاف)، اضغط رقم 3 في ذيك الصفحة 3-اضغط رقم 2 بالصفحة اللي تطلع بعدها 4-مبروك عندك التحديثات

u would expect that from uninstalling an old app on windows that it would uninstall the entire thing but NOW you have to MANUALLY LOOK EVERWHERE TO UNINSTALL VOICEMEETER BUT YET YOU HAVE NO LUCK ON IT. I TRIED COMMAND PROMPT, POWERSHELL, UNINSTALLING IT VIA AUTORUN, NOTHING...

Copilot & SharePoint Magic with Org Asset Libraries! Copilot will query the organizational asset library for associated images if prompts include "brand" or "enterprise". #SharePoint #Copilot #organizationalassets #microsoft365 #powershell

Master PowerShell for full domain takeover! Learn AMSI bypass, Mimikatz credential dumping, privilege escalation with PowerUp, and NTDS extraction. https://t.co/HnaoSSMplq @three_cube

New Post: The legendary @MrGranfeldt PowerShell Management Agent for Microsoft Identity Manager & Entra Provisioning Service ECMA On-Premise capability now supports PowerShell 7. https://t.co/UjRQgoGP5Y

PowerShell module for automating and customizing Windows settings

The system was infected by fileless malware leveraging wmic and reflective DLL injection. Malicious PowerShell ran entirely in memory, leaving no disk artifacts. Analysis of memory dumps revealed a hidden backdoor. Volatility confirmed injected threads and encoded PowerShell code

Gemini CLI is a game-changer. 🤖 It turns natural language into PowerShell commands, powered by AI. 🔒 Automate security scans (SQLi, Pentest with Kali) 🤖Build AI agents for research 👨‍💻Generate full web apps with a single command Just stop writing complex scripts ! #AI

Blog post: Unpacking the Microsoft #Intune MDM and Entra ID Certificate https://t.co/vVJJWc0QrW #PowerShell

Powershell & WMI Abuse Day 9 of Cybersecurity Awareness Month link - https://t.co/xI9r7JKpHk #cybersecurityawarenessmonth #senselearner

PowerShell 7 Support Arrives for the Granfeldt PowerShell Management Agent

Did you know, you can convert the Source of Authority of your Hybrid users to Microsoft Entra today? Here is how > https://t.co/ys1Xe5yrzS⭐ Using PowerShell, you can set 𝐢𝐬𝐂𝐥𝐨𝐮𝐝𝐌𝐚𝐧𝐚𝐠𝐞𝐝 property on your user to 𝐓𝐫𝐮𝐞, which enables you to fully manage your user

ThreatLabz discovered a multi-stage ClickFix campaign likely affiliated with the Russia-linked APT group COLDRIVER targeting members of Russian civil society. The campaign led to a new downloader, BAITSWITCH, & a new PowerShell-based backdoor, SIMPLEFIX. https://t.co/SauG1RQEui

PowerShell tools for applying and managing Windows security settings