ioc.exchange is one of the many independent Mastodon servers you can use to participate in the fediverse.
INDICATORS OF COMPROMISE (IOC) InfoSec Community within the Fediverse. Newbies, experts, gurus - Everyone is Welcome! Instance is supposed to be fast and secure.

#powershell


PowerShell Weekly for May 30, 2025

programming.dev/post/31306817

programming.dev · PowerShell Weekly for May 30, 2025

## Blogs, Articles, and Posts

- Microsoft Edit: Terminal editor for Windows and Linux [https://4sysops.com/archives/microsoft-edit-terminal-editor-for-windows-and-linux/]
  Microsoft has recently launched Edit, a lightweight terminal editor for Windows and Linux. It revives the spirit of the MS-DOS Editor, which debuted in 1991 as a full-screen text editor for DOS and early Windows systems. Edit eliminates the need to leave the terminal to edit files. While Edit doesn’t feature a traditional GUI, it supports tab management and can be navigated using a mouse. On Linux, the open-source tool can be seen as an alternative to nano.
- How to List Hidden Group Memberships with the Graph [https://office365itpros.com/2025/05/29/hidden-group-memberships/]
  A user reported that a script didn’t list any details of hidden group memberships and asked why. The reason is that a separate Graph permission controls access to hidden group memberships. If an app doesn’t have the permission, the Graph returns null memberships, which is probably not all that helpful. Once the right permission is in place, everything works.
- Track Microsoft Entra Application Operations Using PowerShell [https://o365reports.com/2025/05/27/monitor-entra-app-operations-using-powershell/]
  When applications are registered in Microsoft Entra, they are granted a surprising number of privileges, from accessing sensitive data to acting on behalf of users. But these permissions aren’t static. Once an app is registered, its configuration can evolve over time through various operational changes.

## Projects, Scripts, and Modules

- Using the Convert Module in PowerShell [https://powershellisfun.com/2025/05/23/using-the-convert-module-in-powershell/]
  When you have Objects in a format that you can’t read, or when you want to convert Objects to another format, or to switch from Celsius to Fahrenheit, you can use the Cmdlets from the Convert module from Andrew Pearce :) In this small blog post, I will show you how you can use this great module!
- Intune Automation Collection Community Solution Helps to Build Workflows with PowerShell Scripts and More [https://www.anoopcnair.com/intune-automation-collection-powershell-scripts/]
  Hello - Here is the new HTMD Blog Article for you. Enjoy reading it.
- WinTuner v 1.1.1 [https://www.powershellgallery.com/Packages/WinTuner/1.1.1]
  Package and publish any apps from WinGet to Intune.
- WebSocket [https://github.com/PowerShellWeb/WebSocket]
  WebSocket is a small PowerShell module that helps you work with WebSockets.
- PesterExplorer [https://github.com/HeyItsGilbert/PesterExplorer]
  Pester does a wonderful job printing out test results as they’re running. The difficulty can be where you’re looking at a large number of results. PesterExplorer creates a Text User Interface to explore Pester results.

## Books, Media, and Learning Resources

- June 2025 Update for the Automating Microsoft 365 with PowerShell eBook [https://office365itpros.com/2025/05/23/microsoft-365-powershell-12/]
  The June 2025 update for the Automating Microsoft 365 with PowerShell eBook is now available. Coding automation with Microsoft 365 PowerShell can be challenging, but not with this book beside you. It contains hundreds of examples of working with Entra ID, Exchange Online, SharePoint Online, OneDrive for Business, Teams, and Planner using regular PowerShell cmdlets and the Graph APIs.
- using powershell to call llama3.2 and saving the file locally [https://www.youtube.com/watch?v=C2ktBeAcYxk]
  Scripts included

## Community

- Building Fast Tools and Smarter Workflows with Justin Grote [https://powershellpodcast.podbean.com/e/building-fast-tools-and-smarter-workflows-with-justin-grote/]
  In this episode of the PowerShell Podcast, we welcome back Justin Grote, a Microsoft MVP and open-source powerhouse, for an in-depth and fast-paced conversation. Fresh off his PowerShell Wednesday presentation, Justin shares the thinking behind his latest innovations, including the creation of the high-performance ExcelFast module and his evangelism for dev containers and modern development workflows.
- Add enhanced splatting RFC draft by jborean93 [https://github.com/jborean93/PowerShell-RFC/pull/1]
  Anyone interested in yet another attempt at trying to enhance splatting in PowerShell. I’ve tried to collate all the options proposed over the years with their pros/cons. Hoping to get any community feedback before trying to champion a proper RFC
- PowerShell + DevOps Global Summit 2025 [https://www.youtube.com/playlist?list=PLfeA8kIs7CoftB7JKZTiUKnVUHIMtwYF5]
  The recordings from the PowerShell + DevOps Global Summit 2025 are starting to roll out on YouTube.

## Events

- PowerShell Conference Europe 2025 [https://psconf.eu/]
  23-26 June 2025

Check out psweekly.dowst.dev [https://psweekly.dowst.dev/] for all past editions as well as a searchable archive.

Replied in thread

@mrgrumpymonkey depends...

Next logical step is some #PowerShell script that downloads a #Linux distro image, repartitions the system drive, adds some unallocated space at the end, puts a #CloudInit config in it and then does an #UnattendedInstall of said system with bcd by calling up #bcdedit to #chainload said partition.

  • I just have neither the time nor spoons to do that shit myself, but in theory a #NetInstaller image of ~ 100MB should suffice...

Chasing Eddies: New Rust-based InfoStealer used in CAPTCHA campaigns

A novel Rust-based infostealer called EDDIESTEALER has been discovered, distributed through fake CAPTCHA campaigns. The malware uses deceptive verification pages to trick users into executing a malicious PowerShell script, which deploys the infostealer. EDDIESTEALER targets sensitive data including credentials, browser information, and cryptocurrency wallet details. It communicates with a command and control server to receive tasks and exfiltrate data. The malware employs string obfuscation, API obfuscation, and other evasion techniques. It specifically targets various crypto wallets, browsers, password managers, FTP clients, and messaging applications. The use of Rust in its development reflects a growing trend among threat actors seeking enhanced stealth and resilience against traditional analysis methods.

Pulse ID: 6838b480f31c059165ae1733
Pulse Link: otx.alienvault.com/pulse/6838b
Pulse Author: AlienVault
Created: 2025-05-29 19:24:48

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat Exchange · LevelBlue - Open Threat Exchange. Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

Cybercriminals camouflaging threats as AI tool installers

Cisco Talos has uncovered new threats disguised as legitimate AI tool installers, including CyberLock ransomware, Lucky_Gh0$t ransomware, and a newly-discovered malware called Numero. These threats exploit the increasing popularity of AI across various industries. CyberLock, developed using PowerShell, encrypts specific files and demands a $50,000 ransom in Monero. Lucky_Gh0$t is a variant of Yashma ransomware, distributed as a fake ChatGPT installer. Numero, masquerading as an AI video creation tool, manipulates the Windows GUI, rendering systems unusable. Threat actors are using SEO poisoning and social media to distribute these fraudulent installers, targeting businesses in B2B sales, technology, and marketing sectors. Organizations must exercise caution and rely on reputable vendors to avoid falling prey to these malicious campaigns.

Pulse ID: 683877ce5988443994d884f3
Pulse Link: otx.alienvault.com/pulse/68387
Pulse Author: AlienVault
Created: 2025-05-29 15:05:50

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Practical Graph: Working with Calendar Events Using Graph APIs

Calendar events make up user and group calendars. It's possible to create, update, cancel, and remove calendar appointments and meetings, including recurring events, through the Graph API. This article explains how to pass all the properties needed to create and manage events using PowerShell and the Graph APIs.

practical365.com/calendar-even
#PowerShell #MicrosoftGraph #Microsoft365
