#PowerShell

2026-02-02

Tess Gauthier will be on stage for #PSConfEU 2026 in #Wiesbaden (1-4 June)! 🎙️ Authoring and using DSC v3 resources 🎙️ Automate your upstream sync with GitHub Copilot and PowerShell MCP 🎟️ Tickets: psconf.eu #automation #IT #PowerShell #Germany

2026-02-02

Quick, You Need Assistance!

A Microsoft Teams voice-phishing campaign leveraging Quick Assist, a remote administration tool, was tracked in September 2025. The campaign uses help desk scams to gain initial access, followed by user group enumeration and the execution of a PowerShell script to download a command and control payload. The attack employs AMSI bypass, encrypted communications, and a web-socket remote access trojan. Multiple Microsoft 365 tenants with IT-related subdomains were used, along with various IPs and domains for C2 infrastructure. The campaign shows similarities to Storm-1811 and PhantomCaptcha activities, suggesting a complex cybercrime ecosystem. The attackers' ultimate goal may be ransomware deployment, although observed attempts were successfully blocked.

Pulse ID: 698081e8c82411d000808025
Pulse Link: otx.alienvault.com/pulse/69808
Pulse Author: AlienVault
Created: 2026-02-02 10:52:24

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CAPTCHA #CyberCrime #CyberSecurity #InfoSec #Microsoft #MicrosoftTeams #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #RansomWare #RemoteAccessTrojan #Trojan #bot #AlienVault

@LocalZero_Ulm

Oil companies & climate lies
Please do read the book "KlimaLügen" by Stella Levantesi. jajaverlag.com/klimal%C3%BCgen/
In it, the oil industry is compared in every facet with the tobacco industry.
In addition, many companies of the oil lobby and their machinations are described in great detail.

#ExxonMobil #SaudiAramco #Texaco #PowerShell #AmericanPetroleum #AmericanPetrolube #AmericanPetrol #Pemex #Repsol #Aral #BritishPetrol #Chevron #TotalEnegries #Conoco #Petronas #BASF #KKR #ÖlLobby

2026-01-31

iX workshop: Securing and hardening Windows Server

Learn how to effectively secure and harden your Windows Server, integrate protective measures, optimize configurations, and assess attack scenarios.

heise.de/news/iX-Workshop-Wind

#Automatisierung #IT #iXWorkshops #PowerShell #Systemverwaltung #Windows #news

2026-01-30

#PowerShell people: I'm looking for sample cases of assembly loading conflicts between two modules. I want to show practical steps to avoid the assembly conflict using local PSRemoting instead of runspaces. Bonus points if runspaces aren't practical in your scenario

2026-01-30

Hahahah via any sort of cesspool is utterly broken, especially to chisel drive_id out of wretched , but what does work? Shipping off an API call and jamming the response through jq, and poof. The answers! Hahahahaha Microsoft Graph is utter shit, but at least the API endpoint is compliant! The only thing that is. LOL. God, this awful world we've made for ourselves. I regret it all. LOL.

2026-01-30

When Malware Talks Back

A sophisticated multi-stage malware campaign employs living-off-the-land techniques and in-memory payload delivery to evade security controls. The infection chain begins with a hidden batch file that executes an embedded PowerShell loader, which then injects Donut-generated shellcode into legitimate Windows processes. The final payload is a heavily obfuscated .NET framework implementing advanced anti-analysis techniques, credential harvesting, surveillance capabilities, and remote system control. Data exfiltration occurs via Discord webhooks and Telegram bots. The malware, identified as Pulsar RAT, features live chat functionality and background payload deployment, demonstrating a modern, high-evasion Windows malware operation designed for long-term access and large-scale data theft.

Pulse ID: 697c7ba66b8f43dd7b4370c5
Pulse Link: otx.alienvault.com/pulse/697c7
Pulse Author: AlienVault
Created: 2026-01-30 09:36:38

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CredentialHarvesting #CyberSecurity #DataTheft #Discord #InfoSec #Malware #NET #OTX #OpenThreatExchange #PowerShell #RAT #ShellCode #Telegram #Windows #bot #AlienVault

pwshguy (mdowst) pwshguy@programming.dev
2026-01-30

PowerShell Weekly for January 30, 2026

programming.dev/post/44919312

Matthew Dowst mdowst
2026-01-30

Your favorite newsletter is here! PowerShell Weekly for January 30, 2026 is packed with the latest automation gems. Ready to boost your skills?

psweekly.dowst.dev/?p=8579

2026-01-30

☁️ Manage your M365 tenant with automation done right. @scoutmanpt.bsky.social@bsky.brid.gy showed how to combine AZRunbooks & PnP.PowerShell at #PSConfEU 2025. Best practices, security, real-world demos. #PowerShell #Microsoft365 #Automation #PnP youtu.be/VDEerY0jU_M?si=gL5...

2026-01-30

@allwayshype.com will be on stage for #PSConfEU 2026 in #Wiesbaden (1-4 June)! 🎙️ From ConfigMgr to Manager of Configs 🎙️ IntuneStack - a CI/CD PowerShell workflow for managing Intune policy 🎟️ Tickets: psconf.eu #automation #IT #PowerShell #Conference #Europe #Germany

2026-01-30

Dissecting UAT-8099: New persistence mechanisms and regional focus

UAT-8099, a threat actor targeting vulnerable IIS servers across Asia, has launched a new campaign from late 2025 to early 2026. The group's tactics have evolved, focusing on Thailand and Vietnam, and employing web shells, PowerShell scripts, and the GotoHTTP tool for remote access. New variants of BadIIS malware now include region-specific features, with separate versions targeting Vietnam and Thailand. The actor has expanded their toolkit to include utilities for log removal, file protection, and anti-rootkit capabilities. They've also adapted their persistence methods, creating hidden user accounts and leveraging legitimate tools to evade detection. The campaign demonstrates significant operational overlaps with the WEBJACK campaign, including shared malware hashes, C2 infrastructure, and victimology.

Pulse ID: 697b96e2955f456977e00c46
Pulse Link: otx.alienvault.com/pulse/697b9
Pulse Author: AlienVault
Created: 2026-01-29 17:20:34

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #CyberSecurity #HTTP #ICS #InfoSec #Malware #OTX #OpenThreatExchange #PowerShell #RAT #Rootkit #SMS #Thailand #Vietnam #bot #AlienVault

2026-01-29

Dissecting UAT-8099: New persistence mechanisms and regional focus

UAT-8099's latest campaign from August 2025 to early 2026 targets vulnerable IIS servers across Asia, focusing on Thailand and Vietnam. The threat actor employs web shells, PowerShell scripts, and the GotoHTTP tool for remote access. New BadIIS variants are customized for specific regions, with enhanced persistence mechanisms and SEO fraud tactics. The malware now includes features like hardcoded target regions, exclusive file extensions, and the ability to load HTML templates. A Linux ELF variant of BadIIS was also identified. The campaign shows significant operational overlaps with the WEBJACK campaign, including shared malware hashes, C2 infrastructure, and victimology.

Pulse ID: 697b57759a314f33d84f3b73
Pulse Link: otx.alienvault.com/pulse/697b5
Pulse Author: AlienVault
Created: 2026-01-29 12:49:57

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #CyberSecurity #ELF #HTML #HTTP #ICS #InfoSec #Linux #Malware #OTX #OpenThreatExchange #PowerShell #RAT #SMS #Thailand #Vietnam #bot #AlienVault
