A group of information security professionals who perform Active Directory audits recently noticed that they were repeating themselves over and over again. So, the...
Invoke-DOSfuscation is a PowerShell v2.0+ compatible cmd.exe command obfuscation framework. (White paper: https://www.fireeye.com/blog/threat-research/2018/03/dosfuscation-exploring-obfuscation-and-detection-techniques.html) Over the past several years we have witnessed a myriad of...
Grouper is a slightly wobbly PowerShell module designed for pentesters and red teamers (although probably also useful for sysadmins) which sifts through the...
This tool checks whether a system is affected by the speculative-execution side-channel attacks that affect many modern processors and operating system designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715...
The PowerUpSQL module includes functions that support SQL Server discovery, auditing for common weak configurations, and privilege escalation at scale. It is...
Invoke-PSImage takes a PowerShell script and embeds the bytes of the script into the pixels of a PNG image. It generates a...
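To make the pixel-embedding idea concrete, here is an added example, written for this page rather than taken from Invoke-PSImage itself, which uses a deliberately simpler scheme: one script byte per pixel, the high nibble in the low 4 bits of the red channel and the low nibble in the low 4 bits of the blue channel, preceded by a 4-byte length prefix. The function names, the channel layout and the length prefix are this example's own assumptions and are not how Invoke-PSImage lays out its data; the carrier image and script paths are placeholders.

```powershell
# Added example (not Invoke-PSImage code): hide a script's bytes in the low 4 bits
# of a PNG's red and blue channels, then recover them. The nibble layout and the
# 4-byte big-endian length prefix are assumptions made for this example only.
Add-Type -AssemblyName System.Drawing   # Windows PowerShell, or PowerShell 7 on Windows

function Hide-ScriptInPng {
    param(
        [Parameter(Mandatory)][string]$ScriptPath,   # script whose bytes are hidden
        [Parameter(Mandatory)][string]$CarrierPng,   # any existing PNG used as cover
        [Parameter(Mandatory)][string]$OutPng        # output PNG carrying the script
    )
    $body = [System.IO.File]::ReadAllBytes($ScriptPath)
    # Length prefix so the extractor knows how many pixels hold data
    $len = [System.BitConverter]::GetBytes([int32]$body.Length)
    if ([System.BitConverter]::IsLittleEndian) { [System.Array]::Reverse($len) }
    [byte[]]$payload = $len + $body

    # Redraw the carrier into a 32bpp ARGB bitmap; SetPixel is refused on indexed formats
    $src = New-Object System.Drawing.Bitmap $CarrierPng
    $fmt = [System.Drawing.Imaging.PixelFormat]::Format32bppArgb
    $bmp = New-Object System.Drawing.Bitmap -ArgumentList @($src.Width, $src.Height, $fmt)
    $g = [System.Drawing.Graphics]::FromImage($bmp)
    $g.DrawImage($src, 0, 0, $src.Width, $src.Height)
    $g.Dispose(); $src.Dispose()

    if ($payload.Length -gt $bmp.Width * $bmp.Height) {
        $bmp.Dispose()
        throw "Carrier too small: need $($payload.Length) pixels, have $($bmp.Width * $bmp.Height)"
    }
    for ($i = 0; $i -lt $payload.Length; $i++) {
        $x = $i % $bmp.Width
        $y = [int][math]::Floor($i / $bmp.Width)
        $p = $bmp.GetPixel($x, $y)
        $b = [int]$payload[$i]
        # High nibble -> low 4 bits of red, low nibble -> low 4 bits of blue.
        # Only the 4 least significant bits change, so the image looks the same.
        $r  = ($p.R -band 0xF0) -bor ($b -shr 4)
        $bl = ($p.B -band 0xF0) -bor ($b -band 0x0F)
        $bmp.SetPixel($x, $y, [System.Drawing.Color]::FromArgb($p.A, $r, $p.G, $bl))
    }
    # PNG is lossless, so the modified low bits survive; a JPEG save would destroy them
    $bmp.Save($OutPng, [System.Drawing.Imaging.ImageFormat]::Png)
    $bmp.Dispose()
}

function Get-ScriptFromPng {
    param([Parameter(Mandatory)][string]$Png)
    $bmp = New-Object System.Drawing.Bitmap $Png
    $readByte = {
        param([int]$i)
        $p = $bmp.GetPixel($i % $bmp.Width, [int][math]::Floor($i / $bmp.Width))
        [byte]((($p.R -band 0x0F) -shl 4) -bor ($p.B -band 0x0F))
    }
    # First four pixels carry the big-endian length
    $len = 0
    for ($i = 0; $i -lt 4; $i++) { $len = ($len -shl 8) -bor [int](& $readByte $i) }
    $out = New-Object byte[] $len
    for ($i = 0; $i -lt $len; $i++) { $out[$i] = & $readByte ($i + 4) }
    $bmp.Dispose()
    [System.Text.Encoding]::UTF8.GetString($out)
}

# Usage (paths are placeholders):
# Hide-ScriptInPng -ScriptPath .\payload.ps1 -CarrierPng .\cat.png -OutPng .\cat_out.png
# $code = Get-ScriptFromPng -Png .\cat_out.png
```

The output file is a valid PNG, so scanning the image itself for a script signature finds nothing; what a loader does next, typically feeding the recovered string to Invoke-Expression, is the observable part. With PowerShell script block logging enabled, the decoded script is recorded at execution time regardless of how it reached memory, which is where detection effort for this technique belongs.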
Invoke-MacroCreator is a PowerShell cmdlet that allows for the creation of an MS Word document embedding a VBA macro with various payload delivery...
Powerdown the PowerShell Attacks: Harnessing the power of logs to monitor the PowerShell activities. Lately, I have been working on analyzing...
The dangerous Necurs malware is evolving again, spreading via a new email campaign sent from Necurs bots or hacked web servers and mainly taking...
ACLight is a tool for discovering privileged accounts through advanced ACL (Access Control List) analysis. It includes the discovery of Shadow Admins in...
PowerShell continues to be the tool of choice for defenders, IT administrators, and hackers. The extensibility, support, and ability to have a...
Embedding a shortcut (.lnk file) which points to PowerShell (accompanied by an encoded command) in a Word document or zip file is...
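The .lnk lure above and the log-monitoring article earlier on this page meet in the same place: the shortcut launches powershell.exe with an encoded command, and that command line ends up in process-creation telemetry. The following added example (not code from either article) decodes the `-EncodedCommand` argument from command lines for triage. The function names are this example's own; the sample command lines are constructed, not real telemetry, and the encoded one wraps a harmless `Write-Host`. The live query assumes Windows with Security event 4688 and the "Include command line in process creation events" policy enabled.

```powershell
# Added example: find PowerShell launched with an encoded command and decode it.
# Function names and sample data are constructed for this example.

function Get-DecodedEncodedCommand {
    param([Parameter(Mandatory)][string]$CommandLine)
    # powershell.exe accepts -EncodedCommand and its prefixes (-e, -ec, -enc, ...),
    # with '-' or '/'. The value is Base64 of a UTF-16LE string. The pattern deliberately
    # refuses -ex... so -ExecutionPolicy is not mistaken for an encoded command.
    $pattern = '(?i)(?:^|\s)[-/]e(?:[cn][a-z]*)?\s+["'']?([A-Za-z0-9+/=]{8,})'
    $m = [regex]::Match($CommandLine, $pattern)
    if (-not $m.Success) { return $null }
    try {
        $bytes = [System.Convert]::FromBase64String($m.Groups[1].Value)
        return [System.Text.Encoding]::Unicode.GetString($bytes)
    } catch {
        # The switch was present but the payload is not valid Base64: still worth a look
        return "<undecodable: $($m.Groups[1].Value)>"
    }
}

function Find-EncodedPowerShell {
    param([Parameter(Mandatory)][string[]]$CommandLines)
    foreach ($cl in $CommandLines) {
        # Only PowerShell hosts interpret -EncodedCommand
        if ($cl -notmatch '(?i)powershell|pwsh') { continue }
        $decoded = Get-DecodedEncodedCommand -CommandLine $cl
        if ($null -ne $decoded) {
            [pscustomobject]@{ CommandLine = $cl; Decoded = $decoded }
        }
    }
}

# Live source on Windows: Security 4688 with command-line auditing enabled.
# The CommandLine field is read by name from the event XML rather than by position.
function Get-ProcessCommandLines {
    param([int]$MaxEvents = 1000)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } `
        -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $x = [xml]$_.ToXml()
            ($x.Event.EventData.Data | Where-Object { $_.Name -eq 'CommandLine' }).'#text'
        } | Where-Object { $_ }
}

# Constructed sample command lines (not real telemetry); the Base64 one is a UTF-16LE "Write-Host hi"
$samples = @(
    'C:\Windows\System32\cmd.exe /c dir',
    'powershell.exe -NoP -NonI -W Hidden -enc VwByAGkAdABlAC0ASABvAHMAdAAgAGgAaQA=',
    '"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File C:\scripts\backup.ps1'
)
Find-EncodedPowerShell -CommandLines $samples | Format-List

# Against live data:
# Find-EncodedPowerShell -CommandLines (Get-ProcessCommandLines -MaxEvents 5000) | Format-List
```

Treat a hit as one signal, not a verdict: the decoded text may itself be obfuscated (the cmd.exe tricks Invoke-DOSfuscation catalogues, for instance, can hide the switch from this regex entirely). Script block logging (event 4104 in Microsoft-Windows-PowerShell/Operational) records the script as PowerShell actually executes it, so it complements command-line decoding rather than replacing it.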
Just over one year ago (November 2015), I released WMIOps, a PowerShell script that enables a user to carry out different actions...
Increasingly, cyberattackers have been leveraging “non-malware” attack methods to target vulnerable organizations. Recently, the Carbon Black Threat Research Team was alerted about...
Once the province of nation-sponsored hackers, in-memory malware goes mainstream. Two years ago, researchers at Moscow-based Kaspersky Lab discovered their corporate network...
We know that PowerShell is open source. It is now available for both Linux and Mac. You can download the official packages from...
Short Bytes: Microsoft has open sourced the code of its command line shell and scripting language PowerShell, bringing this automation framework to Linux and...
Crooks are always creating new ways to improve the malware they use to target bank accounts, and now Brazilian bad guys have...
Short Bytes: Microsoft has made the official announcement that it’s open sourcing PowerShell. As a result, the company has released the required...
Short Bytes: You might not know but PowerShell, the ubiquitous force running behind the Windows environment, is slowly becoming a secure way...
PowerShell scripts seen in around 38% of malware incidents. Microsoft’s PowerShell task automation framework is becoming one of the most popular tools for...