PowerShell – WindowsTechs.com

Ymir: new stealthy ransomware in the wild

Posted on November 11, 2024 by Cristian Souza, Ashley Muñoz, Eduardo Ovalle

Kaspersky GERT experts have discovered in Colombia new Ymir ransomware, which uses RustyStealer for initial access and the qTox client for communication with its victims. Continue reading Ymir: new stealthy ransomware in the wild→

Lumma/Amadey: fake CAPTCHAs want to know if you’re human

Posted on October 29, 2024 by Vasily Kolesnikov

Malicious CAPTCHA distributed through ad networks delivers the Amadey Trojan or the Lumma stealer, which pilfers data from browsers, password managers, and crypto wallets. Continue reading Lumma/Amadey: fake CAPTCHAs want to know if you’re human→

How to check if File and Folders exists using PowerShell

Posted on October 23, 2024 by AshishMohta@TWC

Managing files and folders is a crucial part of many automation tasks, and you can do it efficiently via PowerShell. PowerShell allows you to perform various tasks. One such thing is the ability to check whether files and folders exist on your system. … Continue reading How to check if File and Folders exists using PowerShell→

Problem, extraction Role of users from AzureAD by powersell [closed]

Posted on August 13, 2024 by tester2020

I’m trying to export users with their Role from AzureAD with the PowerShell script bellow.
When I execute the script I get an Excel file with four columns: Username, email, role and Description. But the columns of Role and Description are … Continue reading Problem, extraction Role of users from AzureAD by powersell [closed]→

Difference between PS Remoting and Winrs from a detection standpoint

Posted on July 20, 2024 by user2334659

From a detection standpoint, when pivoting inside a network what difference (if any) is there between establishing a remote connection between using Enter-PSSession -ComputerName PC1 vs winrs -r:PC1 powershell?

Continue reading Difference between PS Remoting and Winrs from a detection standpoint→

Opening PowerShell (PS) session with STs

Posted on July 17, 2024 by Aryan

I am solving Tryhackme> Exploiting Active Directory > Task 3. At very last, how new powershell session is opening with the dumped Service Tickets (STs)? He typed this command…
PS> New-PSSession -ComputerName thmserver1.za.tryhac… Continue reading Opening PowerShell (PS) session with STs→

Assure Deterministic Hashing/Encryption Process can be Replicated if Rebuilt

Posted on June 27, 2024 by Clifford Piehl

May I have some guidance for a project I am working on?
These are the requirements:

A Dataset needs to be submitted in a .csv format, delimited by ‘|’
The Dataset needs to be submitted periodically (once per month)
There are ID columns in… Continue reading Assure Deterministic Hashing/Encryption Process can be Replicated if Rebuilt→

Why is running an exe created from ADS, failing in Win-11 with incompatibility of 64-bit OS?

Posted on May 27, 2024 by not2qubit

I’m experimenting with ADS (Alternative Data Streams), and tried to create a text file with the calc.exe embedded in an ADS.
I used the following steps to do this:
"Hello" >t2.txt
Get-Content -Raw -Path "C:\Windows\System… Continue reading Why is running an exe created from ADS, failing in Win-11 with incompatibility of 64-bit OS?→

Minimal permissions for EXCEL COM operations

Posted on May 15, 2024 by Segfault

I have a situation where i’m trying to limit the required permissions for an account that leverages Excel COM / process operations.
Worth to be noted, this account is an AD Managed Service Account.
Such operations include but not limited t… Continue reading Minimal permissions for EXCEL COM operations→

3 Simple Ways to Find Your Windows 10 Product Key

Posted on April 23, 2024 by Ray Fernandez

Have you lost your Windows 10 product key? You can find it listed in the operating system with a little know-how and a few simple commands. Continue reading 3 Simple Ways to Find Your Windows 10 Product Key→