Cross-platform command-line interface and scripting language for system and network administration
This week, we are joined by Tom Kellermann, Trend Micro's VP of AI Security and Threat Research, discussing their work on "Inside SHADOW-WATER-063's Banana RAT: From Build Server to Banking Fraud." Researchers from Trend Micro's MDR team uncovered the full operation behind Banana RAT, a sophisticated banking trojan they track as SHADOW-WATER-063, by analyzing both attacker infrastructure and infected victim systems. The malware uses fileless PowerShell execution, layered obfuscation, and remote-control capabilities to steal credentials, manipulate banking sessions, intercept Pix QR code payments, and facilitate financial fraud targeting Brazilian banks. The campaign appears to be operated by a Brazilian Portuguese-speaking cybercriminal group with ties to the broader Tetrade banking malware ecosystem and may be evolving toward a malware-as-a-service model. The research and executive brief can be found here: Inside SHADOW-WATER-063's Banana RAT: From Build Server to Banking Fraud
In this episode of Command Control Power, the hosts discuss practical IT uses of AI, including improving client communications, speeding email migration due diligence via AI-generated PowerShell reporting (mailbox size, forwarding rules, aliases, naming pitfalls, licensing limits), and reducing billing friction by summarizing recorded RingCentral calls in Claude to log hours and generate detailed invoices, including for Ubiquiti camera projects. They debate risks such as blindly running AI-suggested commands, clients acting on AI advice, and data leakage when employees paste company information into public AI tools, emphasizing guardrails, policies, and potential local/private AI setups (e.g., Mac mini with Ollama). The conversation broadens to AI's impact on IT business models, automation in ticketing, and Apple's lackluster AI progress, delayed Siri features, privacy positioning, and reliance on partners like Google/Gemini.
00:00 Show Kickoff
00:02 New Studio Tour
00:31 Flag Outage Story
01:35 AI Migration Prep
03:26 PowerShell Due Diligence
05:36 Call Summaries Invoicing
07:31 Automating Call Logs
09:35 AI As Expert Helper
11:51 Safety With Commands
12:58 Clients Using AI
13:54 Data Privacy Guardrails
17:17 Industry Shift Fears
20:07 Auto Reply Ticketing
24:18 Local AI Knowledge Base
26:02 AI Eats Software
27:35 Future Of IT Services
29:04 AI Automation Ethics
30:06 Market Pressure On IT
31:03 Apple Intelligence Doubts
33:10 Privacy And Gemini
35:06 Apple Strategy And Mindshare
37:43 MDM Guardrails Needed
39:39 First Mover Myth
43:32 Ubiquity And AirPods AI
47:21 Beta Plans And Rollout
48:06 AI Policy And Profiles
51:32 Wrap Up And Outro
In this episode, Andrew chats with Adriano Carollo at PSConfEU about community, PowerShell Universal, AI, and what happens when you stop lurking and start talking to people. Adriano shares how PowerShell helped him grow from sysadmin into web apps, automation, and open source-style contribution, while Andrew reflects on learning, AI, and why enthusiasm still matters.
Key Takeaways:
· Community accelerates growth. Adriano came to PSConfEU after hearing Andrew encourage listeners to engage, and the payoff was immediate.
· PowerShell Universal can open unexpected doors. Adriano describes using it daily to learn web development concepts like JavaScript, HTML, and React through PowerShell.
· AI is most useful when it supports learning instead of replacing it. Both Andrew and Adriano talk about using AI for research, syntax help, documentation, and personal workflows while still valuing hands-on problem solving.
Guest Bio: Adriano Carollo is a Berlin-based system administrator and PowerShell enthusiast who uses PowerShell Universal daily. He is active in the PowerShell Universal Discord community and is exploring automation, web apps, self-hosting, and entrepreneurship.
Resource Links:
PDQ Connect: https://www.pdq.com/pdq-connect/
PowerShell Scanner for PDQ Connect: https://www.pdq.com/blog/the-powershell-scanner-has-arrived-in-pdq-connect/
PowerShell Universal: https://powershelluniversal.com/
PSConfEU: https://psconf.eu/
PDQ Community Discord: https://discord.gg/pdq
Adriano C.: https://linkedin.com/in/adriano-c-501203213
The PowerShell Podcast on YouTube: https://youtu.be/qLYqUF9gD9s
Automation as Core Strategy: Aarin Bailey on RPA, AI, and Scaling MSP Operations
On the Evolved Radio podcast, Todd interviews Aarin Bailey, COO at Webit Services and former COO at MSP Bots, about treating automation as a core MSP operating strategy. Aarin describes how his automation focus accelerated around COVID by chaining PowerShell scripts, later expanding into Python, GUIs, and modular systems connected via RESTful APIs, with much of the computation running outside the RMM on servers (including SQL and Python) while the RMM remains mainly a monitoring and job-push layer. They discuss whether RMM is a "zombie product," the ongoing role of PSA/ticketing as a system of record, and managing complexity through separate modules and staff literacy in Python/RPA. Aarin explains build-vs-buy decisions driven by ROI and fit, cites automated triage/dispatch with ~98% accuracy and shifting token costs, argues AI should augment rather than replace humans, and emphasizes documentation, playbooks, and focusing on operational "bad" anomalies. They also cover client tolerance for AI, limiting client-facing AI after hallucinated ticket notes, skepticism about voice AI, and concerns about AI economics and subsidies.
This episode is brought to you by Opsleader Pro. A place for MSP owners and managers to get the systems and tools they need to build a stable and growing MSP. Part group coaching, part peer group, everything you need to run a successful MSP.
(00:00) - Automation First Mindset
(01:10) - Aarin Origin Story
(05:04) - From Scripts to Platforms
(05:41) - Beyond the RMM Beehive
(08:35) - Is RMM a Zombie
(12:14) - Managing Complexity Safely
(14:33) - Build vs Buy ROI
(19:39) - Token Costs and Pair Coding
(23:49) - AI Security Reality Check
(27:34) - Scaling with Playbooks
(30:12) - Hunt the Bad Stuff
(30:59) - Blueprints Before Automation
(32:46) - Ticket Volume and Vision
(33:32) - Saying No as Integrator
(35:44) - Healthy Disagreement Dynamics
(37:08) - Client Facing vs Backend AI
(40:05) - AI Hallucinations and Guardrails
(43:05) - Voice AI and Live Answer
(46:06) - Costs and Subsidized AI Era
(49:26) - Outcome First and RPA Focus
(51:36) - Wrap Up and Thanks
Recorded live at PSConfEU 2026, Andrew sits down with returning guest Miriam Wiesner, Senior Security Researcher at Microsoft, for a wide-ranging conversation on PowerShell security, cookie-based attacks, and the evolving threat landscape. Miriam walks through her two conference talks — one on Microsoft Teams session cookie hijacking (a follow-up to her 2025 Entra ID cookie talk, complete with Cookie Monster branding and actual handcuffs), and a joint session with Stéphane van Gulick on using Microsoft Defender's Live Response feature for incident investigation. The conversation also covers the current state of PowerShell security, why sophisticated attackers are moving away from PowerShell, and why defenders who haven't enabled script block logging and AMSI are leaving easy wins on the table. On top of the technical deep dive, Miriam and Andrew get into the human side of the conference community — nerves before presenting, imposter syndrome, and why showing up is already half the battle.
Key Takeaways:
Cookie-based identity attacks are an active and growing threat. Microsoft Teams, SharePoint, and OneDrive share session cookies, meaning a single cookie theft can give an attacker broad access across your organization's collaboration tools — no re-authentication required.
Sophisticated threat actors are moving away from PowerShell specifically because its security features work. Script block logging, AMSI, and Constrained Language Mode make PowerShell activity highly visible and detectable. If your org hasn't enabled these, you're handing attackers an easy path.
Visibility beats prevention. You can't prevent what you can't see. Detection through proper logging is not a consolation prize — it's a core security strategy, and Microsoft Defender's Live Response feature gives teams a powerful way to investigate isolated endpoints without needing RDP or PowerShell remoting enabled.
Guest Bio: Miriam Wiesner is a Senior Security Research Program Manager at Microsoft with over 15 years of experience in IT security, penetration testing, and security automation. She works on research behind Microsoft Defender and Sentinel and is the creator of widely used open source PowerShell security tools EventList and JEAnalyzer. Miriam is a sought-after speaker at major security and PowerShell conferences including Black Hat, PSConfEU, and MITRE ATT&CK Workshops. She's also the author of "PowerShell Automation and Scripting for Cybersecurity," published by Packt. Her conference speaker career started at PSConfEU 2018 and she's been a fixture of the community ever since.
Resource Links:
Miriam's 2025 Cookies talk: https://www.youtube.com/watch?v=8xDcq0pPNPs
Book – PowerShell Automation and Scripting for Cybersecurity (Packt): https://www.amazon.com/PowerShell-Automation-Scripting-Cybersecurity-Hacking/dp/1800566379
Miriam on LinkedIn: https://www.linkedin.com/in/miriamwiesner
Miriam on X/Twitter: https://x.com/MiriamXyra
Miriam's GitHub (EventList, JEAnalyzer, and more): https://github.com/miriamxyra
Miriam's Website: https://miriamxyra.com
Connect with Andrew: https://andrewpla.tech/links
The PowerShell Podcast on YouTube: https://youtu.be/zxJOqcEwgWE
Frank Lesniak joins Andrew Pla for a wide-ranging conversation that covers Frank's newly minted Microsoft MVP status, his journey through PowerShell, and what it looks like to build a real presence in the tech community. Frank talks through the pipeline struggles that tripped him up early on, how his VBScript and object-oriented background made the shift to PowerShell's object model feel disorienting, and how AI has quietly changed the way he approaches scripting today. The conversation takes a thoughtful turn as Andrew and Frank dig into impostor syndrome, the value of conference speaking, and how showing up consistently in the community compounds into a career. Frank also shares an update on DuPage Animal Friends, the nonprofit he serves, which supports one of the country's highest-performing open-admission animal shelters.
Key Takeaways:
The PowerShell pipeline is one of the most commonly cited stumbling blocks for newcomers, especially those coming from text-based scripting backgrounds. Learning to visualize what your objects look like at each stage of the pipeline, using tools like Get-Member, is a skill that pays dividends long term.
Showing up at conferences and user groups, even when you feel underprepared, is how you build the reps that eventually make it feel natural. Frank's consulting background gave him a head start on presentation skills, and he's clear that no one is born polished.
Community involvement and career growth are more connected than they might look from the outside. Engaging with people on GitHub, at events, and through open source creates a feedback loop that builds confidence and opens doors.
Guest Bio: Frank Lesniak returns to The PowerShell Podcast, this time as a Microsoft MVP (Microsoft Azure, PowerShell). Frank is a Sr. Cybersecurity & Enterprise Technology Architect at West Monroe, where PowerShell runs through client work on corporate M&A: carve-outs, tenant-to-tenant migrations, identity consolidation, endpoint moves, and security posture improvement across Microsoft 365, Azure, Entra ID, Active Directory, Intune, Defender, and Windows. Beyond consulting, Frank speaks at technical conferences, mentors first-time speakers, and publishes open-source PowerShell standards and tooling, including PSStyleGuide, GloryRole, and PSConnMon. His public work threads least-privilege identity, cloud role mining, cross-platform observability, and high-quality AI-assisted development through standards, automated tests, and automated code quality reviews.
Connect with Frank: https://linktr.ee/franklesniak
Connect with Andrew: https://andrewpla.tech/links
PSConnMon - PowerShell Network Monitoring: https://github.com/franklesniak/PSConnMon/
GloryRole - Automating Least-Privilege Azure and Entra ID Directory Roles: https://gloryrole.com
PowerShell Style Guide: https://github.com/franklesniak/PSStyleGuide
PowerShell Style Guide + Coding Agents Lightning Talk: https://github.com/devops-collective-inc/pshsummit26/tree/main/PowerShellStyleGuideForCodingAgentsAndHumans-Lesniak
Coding Agent Accelerator Template Repo (Coming Soon!): https://github.com/franklesniak/copilot-repo-template
ProStateKit - the DSC v3-Intune Starter Kit: https://github.com/franklesniak/ProStateKit
ProStateKit Promotional Commercial: https://www.youtube.com/watch?v=cA5vMH522F0
macOSLab - Automating Legit macOS VMs: https://github.com/franklesniak/macOSLab
DuPage Animal Friends: https://www.dupageanimalfriends.org/
PDQ Discord: https://discord.gg/pdq
The PowerShell Podcast: https://www.pdq.com/resources/the-powershell-podcast/
Previous episodes with Frank Lesniak: https://powershellpodcast.podbean.com/?s=Frank+Lesniak
The PowerShell Podcast on YouTube: https://youtu.be/Eg-uEGaurmY
Records Management – the finale of the Purview series
When a supervisory authority requests documents going back five years, or when an auditor wants to see that you have actually managed your information defensibly, it is too late to start building. Records Management is the most serious part of the entire Purview portfolio: the solution for content that must be provably preserved unchanged and disposed of in a way that withstands scrutiny. The difference between an ordinary retention label, a locked record and a regulatory record is bigger than it looks. The strictest level cannot even be removed by an administrator, and it is so well hidden that you have to reach for PowerShell before the option even appears. Perhaps the most unexpected angle is the link to Copilot: messy and unlabelled data gives messy answers, which makes information governance a question of data quality and not just regulatory compliance. And then we tie together the whole journey through the Purview alphabet, with a clear warning that the old SharePoint archiving features are now definitely gone.
AI School part 1 – Copilot Cowork
Most AI tools answer a question or carry out a simple task. Copilot Cowork does something else: it takes on entire chains of work, plans the steps itself and delivers a finished result while you do something completely different. The premiere episode of AI School sorts out what it actually means when AI starts performing work instead of merely assisting, how Microsoft's version differs from Anthropic's Claude Cowork, and why European organisations must explicitly say yes to an American subcontractor before it even works. You need not worry about losing control: Cowork pauses and asks before doing anything risky, so you delegate the steps but keep the final say. And to close, you get a new word for the glossary that explains why a conductor never touches a single instrument themselves.
News
And stay until the very end, because as always a quick round-up of the latest from Microsoft 365 awaits.
In this episode, host Andrew Pla sits down with Mark Littlefield, VP of Product at PDQ, for a wide-ranging conversation about product management, the PowerShell community, and what it looks like to deeply learn a technical domain when you're not coming from a traditional sysadmin background. Mark shares his journey from tech support to product management, what drew him to PDQ and the challenges facing IT admins, and what surprised him about PowerShell once he started paying close attention. The two also dig into the history behind PDQ Connect's PowerShell Scanner, how product teams learn from customers, the art of storytelling as a PM and sysadmin skill, and more.
Key Takeaways:
Product management and PowerShell automation share a core philosophy: solve problems at the root, not just on the surface. Whether you're writing a script or building a feature, the goal is to eliminate a challenge entirely rather than patch around it.
Understanding your customer requires more than data — it requires immersion. Mark describes going deep into the sysadmin world through customer interviews, internal usage, and community engagement to truly understand the problems facing IT teams.
Great storytelling is a transferable skill. Andrew draws a parallel between how Jeffrey Snover used the Monad Manifesto to get internal buy-in at Microsoft and how to use narrative to align teams and push ideas forward.
Guest Bio: Mark Littlefield is the VP of Product at PDQ, where he leads product strategy and development for PDQ Connect and the broader PDQ product suite. With over 15 years of product management experience, Mark previously served as VP of Product Management at InsideSales.com, where he oversaw product management and design across the platform. He holds a Bachelor of Science in Information Systems with a focus on Business Intelligence from Utah Valley University and is based in Salt Lake City, Utah.
Resource Links:
PowerShell Event: https://www.pdq.com/save-time-with-powershell-pdq-connect/
PDQ Connect: https://www.pdq.com/pdq-connect/
PDQ PowerShell Scanners GitHub repository: https://github.com/pdqcom/PowerShell-Scanners
The Monad Manifesto (Microsoft Learn): https://learn.microsoft.com/en-us/powershell/scripting/developer/monad-manifesto?view=powershell-7.5
Monad Manifesto blog post by Jeffrey Snover: https://devblogs.microsoft.com/powershell/monad-manifesto-the-origin-of-windows-powershell/
Mark Littlefield on LinkedIn: https://www.linkedin.com/in/mark-littlefield/
Connect with Andrew: https://andrewpla.tech/links
PDQ Discord: https://discord.gg/pdq
The PowerShell Podcast on YouTube: https://youtu.be/fo2V5LC-EZo
In the security news this week:
FCC router bans and the hidden firmware update problem
Why extending support timelines actually improves security
GitHub supply chain concerns and the evolving SBOM ecosystem
CRA and NIS2 compliance deadlines are getting very real
The EU Cyber Resilience Act's 24-hour vulnerability disclosure requirement
Security regulation: vertical vs horizontal compliance models
Vehicle-to-load EV systems powering homes during outages
Solar, batteries, AI farms, and the future economics of electricity
Data centers consuming regional power grids
BitLocker "Yellow Key" fallout and large-scale remediation challenges
AI-generated PowerShell fixes and the rise of vibe scripting
Linux kernel exploits, module jail, and default deny strategies
Medical biometric data theft and why fingerprints are terrible passwords
Interpol cybercrime operations across the MENA region
OT security, connected vehicles, and accepting real-world risk
The crew also discusses threat intelligence obligations under the CRA, the operational realities of patching at enterprise scale, the economics of secure-by-default systems, and why making security cheaper than insecurity might finally move the industry forward.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-927
Because… it's episode 0x2FC!
Shameless plug
June 3 to 5, 2026 - SSTIC 2026
June 24 and 25, 2026 - Troopers
June 26 and 27, 2026 - leHACK
September 19, 2026 - Bsides Montréal
December 1 to 3, 2026 - Forum INCYBER - Canada 2026
February 24 and 25, 2027 - SéQCure 2027
Description
In this special episode of Polysécure devoted to Cybereco, Charles F. Hamilton presents his annual analysis of the state of the cyber threat in 2026. As every year, he works to separate vendor marketing talk from the reality observed in the field, drawing on his daily experience in offensive penetration testing.
Azure and Entra ID: flaws by default
A large part of the discussion focuses on the Microsoft Azure and Entra ID environment (formerly Azure Active Directory). Charles points out a fundamental problem: many companies assume that "if it's Microsoft, it's secure", which creates a dangerous abdication of responsibility. In reality, Azure's default configuration offers very little visibility: the essential logs and security information are locked behind a paywall, making validation nearly impossible without an offensive practitioner. A striking example illustrates the problem: when a company configures a Conditional Access policy requiring MFA for all applications but adds a single exception (for example for an automation account), Microsoft would silently add Microsoft Graph and Azure Active Directory to the exceptions. Yet Microsoft Graph is the entry point to practically every cloud service. An attacker holding a username and password could therefore authenticate through Microsoft Graph without any MFA. Although Microsoft recently corrected this behaviour, any exception created before the fix remains active. Charles still discovers such exceptions daily, which poses a major problem, notably for insurers, whose compliance questionnaires do not detect these flaws.
The gap between offensive and defensive security
Charles argues that offensive security is considerably ahead of defensive security. Defensive security products often block threats that are several years old, not today's. He cites device code phishing, a technique he has been using for about ten years and that malicious attackers are only beginning to discover in 2026. Companies that invested in offensive testing five or six years ago are already protected; the others are panicking today. He stresses the value of the Red Team: unlike an automated scan that produces thousands of vulnerabilities all marked "critical", a Red Team tells a story: it identifies the path an attacker would take to reach what actually has value for the company. Charles also mentions the EPSS (Exploit Prediction Scoring System) score, still too little known, which makes it possible to prioritize vulnerabilities by their real probability of exploitation rather than their theoretical severity.
Infostealers and ClickFix: the everyday threats
The conversation then turns to infostealers, malware that harvests passwords stored in browsers. Their effectiveness comes from their discretion: they do not touch the processes monitored by EDR/XDR and are therefore very rarely detected. Worse, they often spread through free installers for popular games like Roblox or Minecraft, targeting children. When a parent lends their work computer to their child, corporate credentials end up compromised. Charles reports dizzying figures: one of his contacts in the field holds logs from 600 million unique machines infected by infostealers. As for ClickFix attacks, Charles says he is fascinated that they work, because they ask the user to carry out a series of complex steps, for example copying PowerShell into a command prompt. But the average user simply does not understand what they are doing: file extensions, commands, none of it means anything to them. The success of phishing rests solely on the user experience: the simpler it is, the better it works.
Supply chain and extreme cases
Charles shares striking stories from his career. He tested the security of aircraft whose pilot interfaces ran on Flash and embedded Windows. Although the aircraft was physically disconnected from the internet, the update laptop did go online, opening the door to supply chain attacks. He also recounts the case of ATMs whose management system accepted unsigned updates, allowing malicious code to be injected. More recently, he has worked on cases of North Korean employees infiltrating companies by posing as developers. Surprisingly, these individuals were good engineers and were always unmasked by human anomalies (location inconsistencies), never by their code.
AI, vibe coding and exposed secrets
The rise of AI-assisted vibe coding worsens an existing problem: developers who do not understand what they produce. Charles found more than 124,000 results on GitHub for "remove client secret": commits in which developers remove Azure secrets (tenant ID, application ID, client secret) without ever revoking them. Many of these commits bear the characteristic marks of AI-generated code, with emojis in the comments.
The paradox of the cyber industry
In conclusion, Charles raises a central paradox: we have never had so many security products, solutions and technologies to prevent breaches, and yet we have never had so many breaches. Companies are drowning in expensive subscriptions and marketing promises but neglect basic hygiene: network segmentation, patch management, system inventory. The industry also suffers from a lack of real consequences for negligent companies, which pushes many of them to do the bare minimum. The real work remains to be done, and it starts with the fundamentals.
Contributors
Nicolas-Loïc Fortin
Charles F. Hamilton
Credits
Editing by Intrasecure inc
Physical premises by Intrasecure inc
It's PowerShell After Dark. Recorded live at the PowerShell & DevOps Global Summit in Bellevue, Washington, host Andrew Pla takes his mic to the hotel bar for a series of candid conversations with attendees. The episode features four guests: Josh Gratton, an OnRamp scholarship recipient whose career pivot to junior systems engineer was fueled by PowerShell and the podcast; Mark Go, a first-time Summit speaker and attendee; Craig Mileham, a fellow podcast listener and Summit first-timer working in higher ed IT; and Matt Zaske, a longtime community member, conference speaker, and IoT enthusiast who ran a Home Assistant lightning demo. What connects all four conversations is the same thread Andrew keeps pulling on: community makes everything better. Beginners belong here. Reach out. Take the risk. Start now. Key Takeaways: The OnRamp scholarship program is genuinely life-changing for early-career IT professionals. Josh Gratton's story, from service desk to systems engineer to Summit attendee, is a direct line from PowerShell to career transformation, and it started with applying for a scholarship he poured his heart into. Showing up in person changes something. Every guest in this episode described the in-real-life version of the PowerShell community as warmer, more welcoming, and more accessible than they expected. The gap between "online community" and "your people" closes fast when you're in the same room. Reaching out is not just encouraged, it's the move. Andrew makes the case clearly: the people who message him, who post in Discord, who ask questions in public, those are the ones he sees succeed. Suffering in silence is optional. So is waiting. Guest Bios: Josh Gratton is an IT professional who made a mid-career pivot from 15 years in a different field to the service desk, then leveraged PowerShell automation to earn a promotion to his company's systems engineering team. 
A 2026 OnRamp scholarship recipient, Josh attended his first PowerShell & DevOps Global Summit in Bellevue and left planning to present at a future Summit and bring a colleague along next year. Mark Go is an IT professional and active member of the PDQ Discord community who attended the 2026 PowerShell & DevOps Global Summit. He served as Andrew's cameraman during the Summit's After Dark session and is known in the community for his IoT work, including speaking at Summit. He's a returning podcast guest and a PowerShell Wednesday and Summit speaker. Mark brings a hardware-forward perspective to PowerShell, with interests in soldering and embedded systems. Craig Mileham is a PowerShell Podcast listener and Summit first-timer who works for an MSP in the higher ed space. He attended this year's Summit to absorb as much as possible and left energized to build internal tools for his help desk team and share what he learned at PowerShell Wednesday. This guy is really awesome. Matt Zaske is an IT professional, conference speaker, and community member based in Minnesota. A regular presence at events like MMS, Matt is also an avid Home Assistant enthusiast who bridges the gap between PowerShell and IoT hardware. He ran a lightning demo at the 2026 Summit, taught attendees how to solder, and blogs regularly at mzonline.com. You can also find him on LinkedIn and Bluesky. 3D printing legend. GET ON HIS LEVEL. Resource Links: PowerShell & DevOps Global Summit: https://www.powershellsummit.org OnRamp Program and Scholarship: https://www.powershellsummit.org/on-ramp/ The PowerShell Podcast on PDQ.com: https://www.pdq.com/resources/the-powershell-podcast/ PDQ Discord (Learn PowerShell channel): https://discord.gg/PDQ PDQ Careers: https://www.pdq.com/jobs/ Connect with Andrew Pla: https://andrewpla.tech/links Matt Zaske's Blog: https://www.mzonline.com The PowerShell Podcast on YouTube: https://youtu.be/Y_GDB0e8xHY
If this also makes Antigravity more usable, it will be unbeatable!
Jess Pomfret returns for her third appearance on the PowerShell Podcast and brings the same energy that keeps people coming back. She and Andrew cover a lot of ground, starting with her upcoming "Chase the Sun" charity cycling event where she'll attempt to ride 205 miles coast-to-coast across the UK in a single day, starting at sunrise on the longest day of the year and racing the sun to the finish line. It's a big undertaking, and she's riding to raise money for Momentum in Fitness, a charity her wife works for that brings fitness opportunities to older adults, kids in non-traditional school settings, and children with cancer. On the technical side, Jess makes the case for PowerShell splatting as an underrated beginner concept that makes code dramatically more readable. She walks through the idea of pulling parameters out of a long command line, organizing them into a hash table, and passing that hash table to the command instead. It's one of those things experienced scripters take for granted, but seeing it for the first time is genuinely useful. The conversation also gets into Desired State Configuration (DSC), where Andrew and Jess dig into what it is, how it works, and why it matters for sysadmins who want to maintain consistent configuration across their environments. Jess also opens up about managing a packed schedule between her day job, speaking, podcasting, LinkedIn Learning courses, and serious bike training. Her answer is honest and relatable: she's still figuring it out, but Todoist and a very supportive partner help a lot. Key Takeaways: Splatting is one of the most readable improvements you can make to your PowerShell code. Instead of chaining parameters into one long command, you load them into a hash table and pass that to your command with an @ symbol. Cleaner to write, easier to read, and especially useful when you're sharing code on a screen. 
DSC lets you define what a system should look like and PowerShell handles the work of getting it (and keeping it) there. It's a mindset shift from scripting manual steps to declaring an end state, and it's particularly powerful in large environments where consistency matters. Having a support system is one of the most underrated factors in being able to sustain a high-output career alongside community contributions. Whether it's people around you who help carry the load or finding your people in the data and PowerShell communities, you can't do it alone indefinitely. Guest Bio: Jess Pomfret is a Data Platform Engineer and a dual Microsoft MVP. She's been working with SQL Server since 2011, is a maintainer on the dbatools open source project, co-host of the Finding Data Friends podcast, and a LinkedIn Learning instructor. She grew up in the south-west of England and now lives in the US. Outside of tech, she's an avid cyclist, padel player, and a devoted fan of proper football. Resource Links: Connect with Jess on LinkedIn: https://www.linkedin.com/in/jpomfret Connect with Andrew: https://andrewpla.tech/links Jess's blog: https://jesspomfret.com Support Jess's Chase the Sun ride for Momentum in Fitness: https://www.justgiving.com/page/jess-pomfret Finding Data Friends podcast on YouTube: https://www.youtube.com/@findingdatafriends/videos dbatools – PowerShell module for SQL Server automation: https://dbatools.io Jess's previous episode on the PowerShell Podcast (Ep. 164): https://powershellpodcast.podbean.com/e/from-proper-football-to-databases-with-jess-pomfret/ Jess's first appearance on the PowerShell Podcast: https://powershellpodcast.podbean.com/e/dbatools-with-jess-pomfret/ Join the PDQ Discord: https://discord.gg/pdq The PowerShell Podcast on YouTube: https://youtu.be/M2XvvCKs1Ls
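The splatting idea Jess describes, as an added example (not code from the episode or from Jess). It starts from a long one-liner that hunts for hard-coded passwords on a share, rewrites it with hash tables, then goes one step further than the episode: layering a baseline splat with per-run overrides, and forwarding a function's own bound parameters. The sample files, the pattern and the function names are constructed for the demo.

```powershell
# Constructed sample data so the script runs offline: a temp folder with one "leaky" file.
$root = Join-Path ([IO.Path]::GetTempPath()) ("splat-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $root | Out-Null
Set-Content -Path (Join-Path $root 'deploy.ps1') -Value 'password = "Winter2024!"'
Set-Content -Path (Join-Path $root 'notes.txt')  -Value 'nothing to see here'

# 1. The one-liner most people write first: correct, but hard to read on a screen or in review.
Get-ChildItem -Path $root -Recurse -File -Include *.ps1,*.config,*.xml -ErrorAction SilentlyContinue | Select-String -Pattern 'password\s*=' -List

# 2. Same call with the parameters pulled into hash tables and passed with @ instead of $.
$crawl = @{
    Path        = $root
    Recurse     = $true
    File        = $true
    Include     = '*.ps1', '*.config', '*.xml'
    ErrorAction = 'SilentlyContinue'
}
$match = @{
    Pattern = 'password\s*='
    List    = $true          # first hit per file is enough to flag it
}
Get-ChildItem @crawl | Select-String @match

# 3. Layering splats: a shared baseline plus per-run overrides.
#    Edge case: $a + $b throws "Item has already been added" when both hash tables
#    contain the same key, so merge explicitly and let the override win.
function Merge-Splat {
    param([hashtable]$Base, [hashtable]$Override)
    $merged = $Base.Clone()
    foreach ($key in $Override.Keys) { $merged[$key] = $Override[$key] }
    return $merged
}
$baseline  = @{ Pattern = 'password\s*='; List = $true; CaseSensitive = $false }
$thisRun   = @{ Pattern = '(password|secret|apikey)\s*[:=]' }   # same key as $baseline
$effective = Merge-Splat -Base $baseline -Override $thisRun
Get-ChildItem @crawl | Select-String @effective

# 4. Forwarding inside a function: $PSBoundParameters is itself splattable, and can be
#    combined with explicit parameters on the same call.
function Find-LeakedSecret {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Include = @('*.ps1', '*.config', '*.xml')
    )
    # Defaults are not in $PSBoundParameters; add them so they get forwarded too.
    if (-not $PSBoundParameters.ContainsKey('Include')) { $PSBoundParameters['Include'] = $Include }
    Get-ChildItem @PSBoundParameters -Recurse -File -ErrorAction SilentlyContinue |
        Select-String @effective
}
Find-LeakedSecret -Path $root

Remove-Item -Path $root -Recurse -Force
```

Steps 3 and 4 are the parts worth keeping in a module: a baseline hash table documents the "safe" defaults in one place, and the merge helper makes the override precedence explicit instead of relying on `+`, which fails the moment two teams add the same key.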
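The DSC mindset shift, as an added example (not code from the episode): instead of a script that runs `reg add` and `Set-Service`, a configuration declares the end state and the Local Configuration Manager does the work. It uses the Windows PowerShell 5.1 `PSDesiredStateConfiguration` module; the two settings are real hardening values (LLMNR disabled via the DNSClient policy key, the RemoteRegistry service stopped and disabled), while the configuration and resource names are my own.

```powershell
# Declarative end state: two hardening settings for a workstation.
Configuration WorkstationBaseline {
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node 'localhost' {
        # "This DWORD must be 0", not "run reg add". The Registry resource creates
        # the key if it is missing and corrects the value if it drifts.
        Registry DisableLLMNR {
            Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
            ValueName = 'EnableMulticast'
            ValueType = 'Dword'
            ValueData = '0'
            Ensure    = 'Present'
            Force     = $true
        }
        # Remote Registry is a common lateral-movement convenience; keep it off.
        Service RemoteRegistryOff {
            Name        = 'RemoteRegistry'
            StartupType = 'Disabled'
            State       = 'Stopped'
        }
    }
}

# Compile the configuration to a MOF document; nothing is applied at this point.
$mofPath = Join-Path $env:TEMP 'WorkstationBaseline'
WorkstationBaseline -OutputPath $mofPath | Out-Null

# Dry run (elevated): report drift without changing anything.
$result = Test-DscConfiguration -Path $mofPath -Detailed
$result.ResourcesNotInDesiredState | Select-Object ResourceId, InDesiredState

# Apply and keep: the LCM re-evaluates on its schedule and, in ApplyAndAutoCorrect
# mode, puts the machine back into the declared state if someone changes it.
# Start-DscConfiguration -Path $mofPath -Wait -Verbose
```

The value for a large fleet is in the last step: once the baseline is declared, drift detection and correction are free, and the MOF is an auditable artifact of what every node is supposed to look like.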
Hello friends! Picking up the AI-automation series from a couple weeks back — here's another batch of scripts and integrations that have been giving me precious minutes (and sanity) back. Yes, I had to upgrade to Claude Max. No, I'm not trying to automate myself out of a job — just freeing up bandwidth for the more interesting parts of work/life. QuickBooks invoice automation: Got tired of the eight-factor login plus click-fest just to send a few invoices. Now I run a PowerShell menu — type the client name, pick the project, enter the amount, hit Enter — done in ~30 seconds. The QuickBooks dev onboarding (security questionnaire, IP allowlist) was actually a bigger time sink than the script itself. Password Pusher API integration: A menu-driven PowerShell script that prompts for a label, pops an Explorer window to grab the files, optionally adds a password, then auto-drafts the client email with the secure link filled in. A few minutes saved each time, a couple times a day — adds up to some nice time saved! Basecamp + Claude: Linked Basecamp into a Claude project so I can ask plain-English questions like "what personal project tasks are due this month?" or just voice-note a new task while I'm in the car. Honestly the biggest win is anxiety reduction — once it's in Claude, it's out of my always-simmering pressure cooker of a brain. Blumira agent auto-installer for the GOAD lab: I revert the GOAD lab to vanilla a couple times a week, which means re-installing Blumira agents constantly to show clients the attack/defense telemetry side. Wrote a Kali-side script that uses NetExec over WinRM to check each box for the Blumira service and push the installer if it's missing. (Tried SMB exec first, but escaping got wonky on the PowerShell one-liner.) Bonus: Blumira's dashboard auto-removes agents that haven't phoned home in 24 hours, which is a perfect fit for a lab that's constantly getting nuked. Auphonic + API for podcast production: This one's a little meta. 
Old workflow: record → drag into Hindenburg/GarageBand → manually line up intro and outro → noise reduction → export. New workflow: one terminal script that previews the first and last few seconds so I can trim silence, ships the audio to Auphonic via API, and returns a cleaned-up, levels-corrected MP3 plus a full transcript and auto-generated chapter markers. (If your podcast app supports chapters, like Downcast, pop open this episode or #720 and you'll see them.) Next step: pipe the transcript straight into Claude for a show notes first draft. One quick personal note before I run: my oldest son just landed an EMT job with a great Minnesota medical network, and is wrapping up paramedic school in a few months. I cried some happy dad tears today.
Paula Kingsley, a senior IT leader, longtime consultant, automation and PowerShell enthusiast, eight-time Microsoft MVP for Exchange Server, and happy generalist, joins Andrew for a wide-ranging conversation about her tech journey and what it actually looks like to grow from deep hands-on work into technology leadership. They kick things off with a topic near and dear to a lot of PowerShell folks: the ISE-to-VS Code migration. Paula was terrified of it, put it off for as long as she could, and now uses VS Code every single day. From there, the conversation opens up into what consulting taught her about solving problems, how being a generalist can be a genuine advantage, why documentation and communication matter as much as technical skill, and what it means to keep the human side of technology alive as you move up. Paula also drops some solid practical PowerShell wisdom along the way, from always including WhatIf support in your functions to the very important reminder that Get is safe and Set is something else entirely. Key Takeaways: Making the jump from ISE to VS Code feels daunting, but the move is absolutely worth it. The secret is forcing yourself to open it first and just leaving it open until the habit takes hold. Being a generalist isn't a weakness. The ability to see across systems, communicate up and down, and translate technical work into business outcomes is a real and undervalued skill. Always build yourself an escape route. WhatIf and ShouldProcess aren't just best practices, they're the difference between a confident deployment and a very bad afternoon. Guest Bio: Paula Kingsley is an outcome-driven senior IT leader, technology operations and engineering expert, eight-time Microsoft MVP for Exchange Server, and self-described happy generalist. 
Her path into tech started with a liberal arts degree and eventually led through boutique IT consulting, enterprise infrastructure, global production operations, automation, cloud, AI, and a deep appreciation for PowerShell. Paula has built her career around solving problems, simplifying workflows, removing friction, and helping technical teams work better at scale. She is senior enough to shape strategy and steer practices, still hands-on enough to fix things herself, and yes, she even likes regex. You can find her on GitHub as lanwench and on LinkedIn. Resource Links: Paula Kingsley on LinkedIn – https://www.linkedin.com/in/paulakingsley/ Paula Kingsley on GitHub – https://github.com/lanwench Connect with Andrew – https://andrewpla.tech/links/ PDQ Discord – https://discord.gg/pdq The PowerShell Podcast on YouTube: https://youtu.be/WLNVCW7S8BE
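Paula's two rules, "Get is safe, Set is something else" and "always build an escape route", as an added example (not Paula's code). The directory is a constructed in-memory table so the script runs anywhere; in real use the same function shape wraps `Disable-ADAccount`, `Update-MgUser` or whatever actually changes state. Function and account names are invented for the demo.

```powershell
# Constructed stand-in for a directory: three enabled accounts with different last-logon ages.
$script:Directory = @{
    'svc-backup'     = [pscustomobject]@{ Name = 'svc-backup';     Enabled = $true; LastLogon = (Get-Date).AddDays(-200) }
    'jdoe'           = [pscustomobject]@{ Name = 'jdoe';           Enabled = $true; LastLogon = (Get-Date).AddDays(-3)   }
    'old-contractor' = [pscustomobject]@{ Name = 'old-contractor'; Enabled = $true; LastLogon = (Get-Date).AddDays(-400) }
}

function Get-StaleAccount {
    # "Get" is safe: read-only, so no ShouldProcess plumbing is needed.
    param([int]$InactiveDays = 90)
    $cutoff = (Get-Date).AddDays(-$InactiveDays)
    $script:Directory.Values | Where-Object { $_.Enabled -and $_.LastLogon -lt $cutoff }
}

function Disable-StaleAccount {
    # "Disable" changes state. SupportsShouldProcess gives -WhatIf and -Confirm for free;
    # ConfirmImpact High means the prompt appears unless the caller lowers $ConfirmPreference
    # or passes -Confirm:$false explicitly.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string]$Name
    )
    process {
        $target = "account '$Name'"
        # ShouldProcess returns $false under -WhatIf (and prints the "What if:" line),
        # asks under -Confirm, and returns $true otherwise. Every state change sits behind it.
        if ($PSCmdlet.ShouldProcess($target, 'Disable')) {
            $script:Directory[$Name].Enabled = $false
            Write-Verbose "Disabled $target"
        }
    }
}

# Dry run first: nothing changes, every intended action is listed.
Get-StaleAccount | Disable-StaleAccount -WhatIf

# Then the real run; -Confirm:$false is the explicit opt-out for unattended jobs.
Get-StaleAccount | Disable-StaleAccount -Confirm:$false -Verbose

(Get-StaleAccount).Count   # 0 once svc-backup and old-contractor are disabled
```

The habit to build is that the `-WhatIf` run is part of the deployment, not an optional extra: it is the same code path, so what it prints is exactly what the live run will do.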
Hey friends! Today's another Tales of Pentest Pwnage! Quick tangent first on a couple side projects: I've got a music thing at quack.house (like the duck noise, not the drug) and a podcast with my dancer son Atticus at DadOfADancer.com. Speaking of Atticus — he just landed a spot in Master Ballet Academy's summer program in Phoenix, and I am a very proud dance dad over here. OK, on to the pentest: A weird runas quirk: If your AD test account password ends in a percent sign, runas seems to misbehave (Claude thinks Windows is interpreting the % as a variable delimiter). Workaround: runascs.exe, which wraps your tool launch with creds inline. Worked like a champ — notes over on the 7MinSec.wiki. Standard first pass: PingCastle for the AD overview, then Snaffler for share crawling, with Chimas as a nicer web UI for searching the Snaffler JSON. The "Snaffler missed something" moment: Snaffler is great but it primarily uses pattern matching, so manual review of interesting directories still matters. I found a PowerShell script with a funky obfuscation routine, fed it to Claude for context, tracked down the function definition, and ended up decrypting a local admin password. Going loud: SMB-sprayed that cred across the subnets → handful of machines popped → ran a deeper, targeted Snaffler against just those boxes → enumerated sessions and spotted a domain admin interactively logged in. Plan A fizzled: Wanted to pull off a favorite trick — sneak in via WinRM and queue a scheduled task as the logged-in DA (no password needed). WinRM was disabled. Oh fart. Plan B — the "trap" file: Dropped a malicious .library-ms file directly into the DA's desktop folder. No clicks required — just the desktop being open is enough to trigger an HTTP coercion to my evil box. (Caveat: I think you need a DNS record or computer object that the victim box trusts as "intranet zone.") The escalation: Had ntlmrelayx standing by, ready to relay to LDAP on a DC. 
The coerced auth fired the moment the "trap" file landed on disk. An interactive LDAP shell fired in the DA's context, and I used it to add my low-priv account to the Domain Admins group. Defense angles: Rather than chase each technique individually (LDAP signing, web client GPOs, library-ms neutralization, etc.), I like to back up to the systemic fixes that break the chain earlier. Big ones here: deploy LAPS so a single decrypted local admin password isn't a master key everywhere, and a thorough sweep for sensitive data and custom obfuscation routines hanging out on shares. Got thoughts on any of this? Shoot 'em over — I always love hearing how you'd have tackled things differently.
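A read-only check for the host-side settings that break the chain described above, as an added example (not from the newsletter). It reads the documented NTDS registry values that govern LDAP signing and LDAPS channel binding, and the state of the WebClient (WebDAV) service that makes HTTP coercion from a file drop possible. Run it on a domain controller for the LDAP checks and on any workstation for the WebClient check; the function name is my own.

```powershell
function Get-RegValue {
    # Returns $null when the key or value does not exist instead of throwing.
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

function Test-RelayHardening {
    $ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $signing = Get-RegValue -Path $ntds -Name 'LDAPServerIntegrity'        # 2 = require signing
    $cbt     = Get-RegValue -Path $ntds -Name 'LdapEnforceChannelBinding'  # 1 = when supported, 2 = always
    $webclient = Get-Service -Name WebClient -ErrorAction SilentlyContinue # WebDAV client = HTTP coercion path

    [pscustomobject]@{
        LdapSigningRequired      = ($signing -eq 2)
        LdapChannelBindingAlways = ($cbt -eq 2)
        WebClientDisabled        = ($null -eq $webclient -or $webclient.StartType -eq 'Disabled')
        LdapSigningRaw           = $signing      # $null means "not configured" (default: negotiate)
        ChannelBindingRaw        = $cbt
        WebClientStartType       = if ($webclient) { $webclient.StartType } else { 'NotInstalled' }
    }
}

$audit = Test-RelayHardening
$audit
if (-not $audit.LdapSigningRequired)      { Write-Warning 'LDAP signing not required: NTLM relay to LDAP stays possible.' }
if (-not $audit.LdapChannelBindingAlways) { Write-Warning 'Channel binding not enforced: relay to LDAPS stays possible.' }
if (-not $audit.WebClientDisabled)        { Write-Warning 'WebClient service available: HTTP coercion from a dropped file can fire.' }
```

An unset `LDAPServerIntegrity` is the common finding: the DC negotiates signing rather than requiring it, which is exactly the gap an LDAP relay needs. The relay still has to start from a coerced authentication and a local admin credential, so this check complements the systemic fixes above (LAPS, share hygiene) rather than replacing them.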
While working with a customer recently, I heard this sentence: a tool is better than a script. The reference was that this customer preferred a known, tested, approved tool for most of their staff rather than a script built, lightly tested, and perhaps changeable by anyone in their organization. I was surprised, because in many ways, I've depended way more on scripts, more often, than "tools" in my career. Often I struggled to find tools that actually worked in the way I wanted them to and built them myself with Unix shell utilities, VB Script, PowerShell, or some combination of those or other technologies. Read the rest of A Tool is Better than a Script
This episode of the PowerShell Podcast After Dark captures two candid bar-session conversations from the PowerShell and DevOps Global Summit, centered on community, career growth, and the real-world value of putting yourself out there. In the first segment, Josh Dearing talks about attending his first Summit, building PowerShell modules, learning from failure, and using automation to improve systems and processes in higher education. In the second, Jeff Wardlaw reflects on finally attending the event in person, the impact of meeting the people behind the tools and community, and the broader lessons around perspective, technical leadership, communication, and problem-solving. Across both conversations, the theme is clear: PowerShell is not just a toolset, it is a way into a generous technical community where curiosity, experimentation, and shared learning can meaningfully shape a career. The PowerShell Podcast on YouTube: https://youtu.be/NyT_A1hSH_M
Lucas Allman joins the PowerShell Podcast for a conversation that starts with practical beginner wins and builds into bigger questions about AI, learning, community, and career growth in IT. The episode covers hands-on PowerShell use cases like event logs, scheduled tasks, and writing functions directly in the terminal, then shifts into Lucas's experience as a first-time PowerShell Summit speaker and his evolving perspective on AI as a tool for both productivity and learning. It lands on a strong human note, with Lucas reflecting on impostor syndrome, keeping up with change, and why curiosity and community still matter just as much as technical skill. Key Takeaways: · Event logs are a great early PowerShell win. Lucas walks through using Get-WinEvent to explore logs, filter for errors, search messages, and troubleshoot faster without waiting on the Event Viewer GUI. He also shares a practical tip for reusing XML or XPath filters from Event Viewer inside PowerShell scripts. · You can do more from the terminal than most people realize. Lucas explains how he writes full functions directly in the interactive shell, then saves them with a custom helper function so good code does not disappear when the session closes. It is a simple idea, but it opens the door to faster experimentation and building tools in the flow of work. · AI is changing how technical people work, but not eliminating the need for judgment. A big part of the Summit discussion centered on using AI as a collaborator, not a replacement. Lucas argues that the real opportunity is to offload repetitive work, learn faster, and free up more time for higher-value problem solving, while still applying technical knowledge and critical thinking to the results. Guest Bio: Lucas Allman is an IT automation specialist with a passion for building practical, scalable solutions using PowerShell. 
With deep experience in endpoint management, configuration as code, and Microsoft cloud services like Intune and Graph API, Lucas focuses on making complex workflows maintainable, secure, and efficient. He's an advocate for knowledge sharing and enjoys helping others level up their scripting and automation skills through real-world examples and interactive problem-solving. He had ChatGPT write this bio and says it's close enough. Resource Links: · Lucas Allman website: https://lucasallman.com · Connect with Andrew: https://andrewpla.tech/links · PDQ Discord: https://discord.gg/PDQ · PowerShell.org GitHub organization: https://github.com/powershellorg The PowerShell Podcast on YouTube: https://youtu.be/kcjkCS0QN64
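The event-log workflow Lucas describes, as an added example (not his code): query failed logons (event 4625) with a filter hash table, run the same query from the XML that Event Viewer's Filter dialog shows on its XML tab, and pull fields out of the event XML instead of regexing the message text. It goes one step past the episode by grouping the results into a quick password-spray summary. Reading the Security log needs an elevated session; the function name is my own.

```powershell
$since = (Get-Date).AddHours(-24)

# 1. FilterHashtable: the filter runs inside the log service, so it is far faster than
#    Get-EventLog | Where-Object, which pulls every record into PowerShell first.
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                       -ErrorAction SilentlyContinue

# 2. Same query pasted straight from Event Viewer (Filter Current Log -> XML tab).
#    timediff is in milliseconds; 86400000 = 24 hours.
$xml = @"
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[System[(EventID=4625) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]</Select>
  </Query>
</QueryList>
"@
$failedFromXml = Get-WinEvent -FilterXml $xml -ErrorAction SilentlyContinue
"Hashtable query: $($failed.Count) events; XML query: $($failedFromXml.Count) events"

# 3. The EventData fields are structured; read them from the XML rather than the Message.
function ConvertFrom-FailedLogon {
    param([Parameter(ValueFromPipeline)][System.Diagnostics.Eventing.Reader.EventLogRecord]$Event)
    process {
        $f = @{}
        foreach ($d in ([xml]$Event.ToXml()).Event.EventData.Data) { $f[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time      = $Event.TimeCreated
            User      = $f['TargetUserName']
            Domain    = $f['TargetDomainName']
            SourceIp  = $f['IpAddress']
            LogonType = $f['LogonType']
            Status    = $f['Status']   # 0xC000006A = bad password, 0xC0000064 = no such user
        }
    }
}

# Spray signature: one source, many distinct users. Brute force: one user, many attempts.
$failed | ConvertFrom-FailedLogon |
    Group-Object SourceIp |
    Select-Object @{ n = 'SourceIp'; e = { $_.Name } }, Count,
                  @{ n = 'DistinctUsers'; e = { ($_.Group.User | Sort-Object -Unique).Count } } |
    Sort-Object DistinctUsers -Descending
```

The XML route matters once a filter gets complicated: build it interactively in Event Viewer, copy the query, and the script gets exactly the same result set without re-deriving the XPath by hand.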
Take command of your full app layer in Microsoft Intune. Audit every managed and unmanaged app per device with full metadata — publisher, architecture, disk size, install location, uninstall command — to expose shadow IT before it spreads. Pull curated Win32 apps straight from the Enterprise App Catalog or upload PowerShell .ps1 scripts to control exactly how each app installs. Stage rollouts in rings with Deployment Plans, pause or cancel any deployment in flight, and auto-trust every app you push using App Control for Business with Managed Installer — extending the same trust to new device builds with Autopilot, now up to 25 apps. Keep your fleet current automatically as vendors publish new versions through the Enterprise App Catalog, or trigger updates on demand from the Guided Upgrade Supersedence report. Nicole Zhao, Microsoft Intune Product Manager, shares how to put these built-in enhancements to work across every managed device. *Intune Deployments is currently in private preview. Capabilities shown are subject to change and not yet generally available. Check out aka.ms/RSAC26-Intune-Blog from the RSA Conference for additional security context and guidance when managing apps with Microsoft Intune. ► QUICK LINKS: 00:00 - Built-in app management 00:51 - App Inventory Visibility 01:42 - Enterprise Application Management (EAM) 02:28 - PowerShell Script Installer GA 03:09 - Ring-Based Deployment Plans 04:44 - Managed Installer Auto-Trust 05:39 - Enterprise App Catalog Auto-Update 06:12 - Guided upgrade supersedence 06:50 - Wrap up ► Link References Check out https://aka.ms/IntuneAppManagement
Bob uses AI tools with agentic capabilities and talks about how IT administrator tasks can be automated and managed, either by using AI to drive automation through PowerShell or by using tools such as Open Claw directly.
At the PowerShell and DevOps Global Summit, this after-dark bar session blends casual conversation with a real sense of why the event matters. Brian Quinn talks about returning for his second Summit, filling in PowerShell fundamentals, and bringing back practical skills like remoting, advanced functions, modules, testing, and version control to improve how his team handles identity and access management. Scott Lemonde reflects on what keeps drawing him back, not just the technical knowledge, but the community, the friendships, and the way Summit gives people confidence, perspective, and momentum in their careers. Across both conversations, the theme is clear: PowerShell is not just a tool, it is a shared journey of growth, automation, problem-solving, and finding your people in a field that can otherwise feel pretty isolating. See the PowerShell Podcast on YouTube: https://youtu.be/akrQSKoKjDI
This episode captures the energy of PowerShell Summit through two conversations, one with Gilbert Sanchez and one with Joshua Dearing. The discussion moves from open source maintenance and the future of PowerShell in AI workflows to the human side of technical communities, including burnout, neurodiversity, mentorship, and the value of showing up in person. It also highlights how PowerShell can change careers over time, not just by teaching syntax, but by opening doors to better communication, stronger community ties, and bigger technical thinking. Key Takeaways: · Community is often the unlock, not just the tooling. Both conversations reinforce that Summit's real value is the people, the hallway conversations, and the sense that learning gets easier when you have others around you who are willing to help. · Sustainable technical growth matters more than short bursts of output. Gilbert talks about burnout, open source maintenance, and creating healthier ways to contribute, while Andrew connects that to ADHD, mental health, and building a career that can last. · PowerShell is a starting point for much bigger opportunities. Joshua's story, from community member to module author, reflects a broader theme in the episode that small steps, taken consistently, can completely reshape what kind of work you can do and who you can become in the field. Guest Bio: Gilbert Sanchez is a Staff Software Development Engineer at Tesla, specifically working on PowerShell. Formerly known as "Señor Systems Engineer" at Meta. A loud advocate for DEI, DevEx, DevOps, and TDD. Resource Links: · PSake: https://psake.dev · Gilbert Sanchez links: https://links.gilbertsanchez.com · Gilbert Sanchez blog: https://gilbertsanchez.com Josh is a systems administrator with a philosophy degree and a helpdesk origin story. He's a speaker, open source contributor, creator of ModuleExplorer, and a PDQ Sysadmin Hall of Fame winner. 
He's a firm believer that the best script is the one you don't keep to yourself. · Joshua Dearing's website: https://dearing.dev The PowerShell Podcast on YouTube: https://youtu.be/XJAbZgOVMF4
With PowerShell + DevOps Global Summit 2026 opening this Monday, April 13th, this episode brings back one of the most respected names in the PowerShell community: Jeff Hicks. Andrew sits down with Jeff to dig into what makes the Summit special, the organic community that grew from those earliest events, and what it actually feels like to watch people go from struggling beginners to confident PowerShell practitioners. They also get into the big question hanging over everyone in IT right now: what does AI actually mean for the future of PowerShell professionals? Jeff shares his take on the "squishy bits" of scripting that AI still can't replicate, why learning the core PowerShell paradigm matters more than ever, and how he personally uses AI as a collaborator rather than a shortcut. It's a conversation about community, craft, and what it means to actually know your tools. Key Takeaways: Learn the foundation first, tools second. Jeff's consistent message over decades of teaching: don't start with Azure commands or specific modules. Start with the PowerShell paradigm — objects, the pipeline, managing at scale — and the rest becomes much easier to pick up over time. AI is a co-pilot, not a replacement. Jeff uses AI to get over specific technical hurdles, not to generate finished code. His concern isn't that AI will write bad scripts — it's that the next generation may skip the foundational learning that lets you recognize when AI gets it wrong. The PowerShell community is genuinely welcoming, and showing up matters. Whether it's Summit, a local user group, or Discord, getting into rooms with other PowerShell people can be a career changer. The hallway conversations are half the value. Guest Bio: Jeff Hicks is a veteran IT professional with 35 years of experience, a long-time Microsoft MVP, and one of the most recognized voices in the PowerShell community. 
He's the author and co-author of several foundational PowerShell books, a Pluralsight course creator, and the publisher of the premium newsletter Behind the PowerShell Pipeline. He's been teaching and writing about PowerShell since the very beginning and continues to focus on the human side of scripting — the parts that go beyond syntax and into craft. Resource Links: Jeff Hicks' hub (links to everything): https://jdhitsolutions.github.io Behind the PowerShell Pipeline (newsletter & book on Leanpub): https://leanpub.com/behind-the-pspipeline Jeff's Pluralsight courses: https://app.pluralsight.com/profile/author/jeff-hicks Connect with Andrew: https://andrewpla.tech/links PowerShell + DevOps Global Summit 2026 (April 13-16, Bellevue, WA): https://www.powershellsummit.org PDQ Discord (PowerShell scripting channel): https://discord.gg/pdq PowerShell Wednesday (weekly on PDQ's YouTube/Discord): https://www.youtube.com/watch?v=5vdfFswmREQ&list=PL1mL90yFExsix-L0havb8SbZXoYRPol0B&pp=0gcJCbcEOCosWNin The PowerShell Podcast on YouTube: https://youtu.be/ceB-3QGbvBA
Andrew welcomes back Dual MVP and Intune aficionado Hailey Phillips for a wide-ranging conversation covering her project IntuneStack, the value of DevOps principles in endpoint management, and the mindset behind consistent skill-building. The two dig into conference culture, the importance of community, mentorship, and why showing up every day — even for just ten minutes — matters more than waiting for inspiration to strike. Key Takeaways: IntuneStack in action: Hailey's CI/CD-influenced PowerShell project manages Intune policy deployment across dev, test, and prod groups using promotion gates rather than expensive separate tenants — a more resilient, consistent, and auditable approach to endpoint management. Consistency over inspiration: Whether it's PowerShell, the gym, or mentoring, Hailey's philosophy is the same: stop waiting to feel motivated and just start small. Ten minutes a day compounds over time, and momentum is something you build, not something you wait for. Community is a career asset: Conferences like PowerShell Summit and PSConfEU aren't just about the sessions — they're about building a support system. Having people who can sanity-check your thinking is one of the most underrated advantages in a tech career. Guest Bio: Hailey Phillips is a Systems Engineer, Microsoft MVP, and Professional Pokémon Trainer. She specializes in automation, endpoint management, and modern workplace strategy, bridging the gap between traditional IT and DevOps. Hailey's work focuses on building pragmatic, scalable solutions using tools like PowerShell, Microsoft Graph, Intune, and Azure Arc. When she's not deep in tech, you'll probably find her skiing in the Cascades, lifting heavy things, or at a metalcore show with a strong cup of coffee in hand. 
Resource Links: Intune Stack on GitHub - https://github.com/AllwaysHyPe/IntuneStack Practical Automation with PowerShell by Matthew Dost - https://www.manning.com/books/practical-automation-with-powershell GliderUI Cross-platform GUIs - https://github.com/mdgrs-mei/GliderUI PDQ Discord - https://discord.gg/pdq Hailey Phillips Website - https://www.allwayshype.com/ Connect with Andrew - https://andrewpla.tech/links The PowerShell Podcast on YouTube: https://youtu.be/L97ePN7UtGY
Andrew welcomes back Morten Mynster for a follow-up conversation that's essentially a highlight reel of Morten's public journey over the past year. Morten shares updates on three PowerShell modules he's released, including his standout LeastPrivilegedMSGraph module, and walks through a security issue he discovered and responsibly reported to Microsoft. Along the way, Andrew and Morten reflect on how putting your work out publicly can lead to unexpected career wins, how AI is reshaping the way people learn and write code, and why getting hands-on is still the best way to actually understand anything. Morten is also two weeks into a new job as a cybersecurity consultant, which came directly from his open-source work. Key Takeaways: Publishing your work publicly, even to a small audience, creates opportunities that a resume never could. Morten landed a job offer without ever applying, simply because someone found his module on LinkedIn. The best way to learn something technical is still to get hands-on with it. Reading about it is rarely enough, whether that's PowerShell, APIs, or anything else in IT. AI is a powerful accelerator, but over-relying on it without a foundational understanding means you won't be able to fix things when they break, and you risk introducing security vulnerabilities you don't even recognize. Guest Bio: Morten Mynster is a cybersecurity consultant and an active member of the PowerShell and security community. Over the past year, he's published three PowerShell modules focused on Microsoft Graph permissions and actionable messages in Outlook, discovered and reported a security vulnerability to Microsoft, and begun public speaking. He blogs at mynster9361.github.io and is active on LinkedIn and Discord. 
Resource Links: Andrew's Links: https://andrewpla.tech/links PDQ Discord: discord.gg/PDQ Morten's Blog: mynster9361.github.io Morten on LinkedIn: https://www.linkedin.com/in/mortenmynster/ Least Privileged MS Graph Module (GitHub): github.com/Mynster9361/Least_Privileged_MSGraph Actionable Messages Module (GitHub): github.com/Mynster9361/ActionableMessages Actionable Messages Module blog post: mynster9361.github.io/posts/ActionableMessagesModule PowerShell + DevOps Global Summit: powershellsummit.org PowerShell Conference Europe (PSConfEU): psconf.eu The PowerShell Podcast on YouTube: https://youtu.be/VIEbain7IIg
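The least-privilege problem Morten's module addresses, illustrated with an added example that is independent of his code: the Microsoft Graph SDK's own `Find-MgGraphCommand` cmdlet (in `Microsoft.Graph.Authentication`) lists every permission that satisfies a given cmdlet and flags the least-privileged one, so a script can ask for exactly those scopes instead of a catch-all like `Directory.Read.All`. The wrapper function and the command list are mine; the fallback branch covers SDK versions whose permission entries carry no `IsLeastPrivilege` flag.

```powershell
Import-Module Microsoft.Graph.Authentication

function Get-LeastPrivilegeScope {
    # For each cmdlet, return the smallest delegated scope the SDK metadata says will work.
    param([Parameter(Mandatory)][string[]]$Command)
    foreach ($c in $Command) {
        # One command can map to several URI variants; the first v1.0 entry is enough here.
        $meta = Find-MgGraphCommand -Command $c -ApiVersion v1.0 -ErrorAction Stop | Select-Object -First 1

        $least = $meta.Permissions | Where-Object { $_.IsLeastPrivilege } | Select-Object -First 1
        if (-not $least) {
            # Fallback: the first entry that does not require admin consent.
            $least = $meta.Permissions | Where-Object { -not $_.IsAdmin } | Select-Object -First 1
        }

        [pscustomobject]@{
            Command        = $c
            Method         = $meta.Method
            Uri            = $meta.URI
            LeastPrivilege = $least.Name
            AllOptions     = ($meta.Permissions.Name -join ', ')
        }
    }
}

$needed = Get-LeastPrivilegeScope -Command 'Get-MgUser', 'Get-MgGroupMember'
$needed | Format-Table -AutoSize

# Connect with only the scopes the script actually needs. Anything broader ends up in the
# token (and in the app registration's consent grant) for no benefit.
$scopes = $needed.LeastPrivilege | Sort-Object -Unique
"Connect-MgGraph -Scopes $($scopes -join ', ')"
# Connect-MgGraph -Scopes $scopes
```

The same lookup is the right pre-flight check when reviewing someone else's script: compare the scopes it requests in `Connect-MgGraph` against what its cmdlets actually need, and the excess is the attack surface a stolen token would carry.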
K-12 IT veteran Chris Thomas joins The PowerShell Podcast to share his 26-year journey in educational technology, from a high school IT internship to becoming an Endpoint Cloud Systems Architect supporting multiple school districts in Michigan. Chris discusses how PowerShell helped him automate identity management, investigate network incidents, and streamline large-scale IT operations across complex school environments. The conversation also dives into mentorship, Don Jones' influence through Be the Master, the value of community involvement, and the mental health challenges IT professionals face. Chris shares practical lessons on automation, presenting at conferences, overcoming imposter syndrome, and how putting yourself out there can open doors throughout your career. Key Takeaways: • PowerShell fundamentals unlock huge opportunities — learning commands like Get-Command, Get-Help, Get-Member, and Get-Module can help you explore and automate almost anything. • Automation is essential in resource-constrained environments like K-12 IT where staff wear many hats and must support large systems with limited manpower. • Community participation accelerates growth — presenting, attending conferences, and contributing scripts can build confidence, connections, and career momentum. Guest Bio: Chris Thomas is an Endpoint Cloud Systems Architect supporting multiple K-12 school districts in Michigan through a regional educational service agency. With more than two decades of experience in educational IT, Chris focuses on automation, endpoint management, and infrastructure architecture. He is an active contributor to the Michigan K-12 technology community, regularly presenting at conferences such as MAEDS and MMS/MOA, and sharing PowerShell scripts and tools through his GitHub projects. 
Resource Links: Chris Thomas GitHub – https://github.com/chrisATautomatemystuff Connect with Andrew - https://andrewpla.tech/links PowerShell App Deployment Toolkit – https://psappdeploytoolkit.com Learn PowerShell in a Month of Lunches – https://www.manning.com/books/learn-powershell-in-a-month-of-lunches PDQ Discord – https://discord.gg/PDQ MAEDS Conference – https://maeds.org MMS / MOA Conference – https://mmsmoa.com The PowerShell Podcast on YouTube: https://youtu.be/k4n6FWzDPUk
Big thanks to @ThreatLocker for sponsoring my trip to ZTW26 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal Discover how easily hackers prompt engineer malware in 2026. Kieran Human from ThreatLocker demonstrates bypassing Microsoft Copilot guardrails to write PowerShell ransomware. // Kieran Human's SOCIAL // LinkedIn: / kieran-human-5495ab170 // GitHub page REFERENCE // https://github.com/ztwAdmin/ZTW-2026 // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming Up 0:17 - Intro 01:00 - Demo 01:37 - Sponsored by Threatlocker 01:55 - Demo continued 07:38 - Where to Find these Tools 08:38 - Disclaimer 09:33 - Outro Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #threatlocker #copilot #locallm
How do you find insecure permissions in Active Directory before they turn into attack paths? In this episode, we take a practical look at how to identify insecure Active Directory permissions using ADeleg, a free security tool trusted by penetration testers. Misconfigured delegation and overly permissive access rights are a common source of risk in Active Directory environments. These gaps can create hidden attack paths, but many teams don't know where to look or how to interpret what they're seeing. In this episode, we cover: • How to identify insecure permissions in Active Directory • What to look for in high-risk groups and well-known principals like Domain Users, Everyone, and Authenticated Users • How these misconfigurations translate into real-world attack paths • How to use ADeleg to analyze delegated permissions and uncover hidden risk. We also include a reference to ADeleginator, a related tool that can help automate parts of this process using PowerShell. While this episode focuses on hands-on analysis with ADeleg, ADeleginator is a useful companion for scaling this work.
Tools referenced: ADeleg: https://github.com/mtth-bfft/adeleg Blog: https://offsec.blog/ YouTube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://spenceralessi.com Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.
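The check the episode describes, written out as an added PowerShell example (this is not ADeleg's or ADeleginator's code): walk an AD subtree, read each object's security descriptor, and report every Allow ACE that gives Everyone, Authenticated Users, Domain Users or Domain Computers a right that can change the object, its ACL or its owner. It assumes the RSAT ActiveDirectory module is installed and that the account running it can read the objects' nTSecurityDescriptor; the principal list and the set of rights treated as dangerous are this example's assumptions, not ADeleg's rules.

```powershell
# Added example (not ADeleg's code): list ACEs that grant write-class rights
# to broad principals across an AD subtree. Needs the ActiveDirectory module
# (RSAT) and read access to the objects' security descriptors.
Import-Module ActiveDirectory

# Principals that should almost never hold write rights on directory objects.
# Extend this list with any custom "all staff" style group in your forest.
$BroadPrincipals = @('Everyone', 'Authenticated Users', 'Domain Users', 'Domain Computers')

# Rights that let the holder change the object, its ACL or its owner.
$DangerousRights = [System.DirectoryServices.ActiveDirectoryRights]'GenericAll, GenericWrite, WriteDacl, WriteOwner, WriteProperty, ExtendedRight, Self'

function Find-BroadWriteAccess {
    param(
        # Subtree to scan; defaults to the whole domain (slow on large domains)
        [string]$SearchBase = (Get-ADDomain).DistinguishedName,
        [string[]]$Principals = $BroadPrincipals
    )
    # Match "Everyone", "NT AUTHORITY\Authenticated Users", "CORP\Domain Users", ...
    $pattern = '(^|\\)(' + (($Principals | ForEach-Object { [regex]::Escape($_) }) -join '|') + ')$'

    Get-ADObject -SearchBase $SearchBase -LDAPFilter '(objectClass=*)' -Properties nTSecurityDescriptor |
        ForEach-Object {
            $obj = $_
            try {
                $rules = $obj.nTSecurityDescriptor.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])
            } catch {
                Write-Warning "Could not read ACL of $($obj.DistinguishedName): $_"
                return   # skip this object, keep going with the next one
            }
            foreach ($ace in $rules) {
                if ($ace.AccessControlType -ne 'Allow') { continue }
                if ($ace.IdentityReference.Value -notmatch $pattern) { continue }
                if ([int]($ace.ActiveDirectoryRights -band $DangerousRights) -eq 0) { continue }
                [pscustomobject]@{
                    Object      = $obj.DistinguishedName
                    ObjectClass = $obj.ObjectClass
                    Principal   = $ace.IdentityReference.Value
                    Rights      = $ace.ActiveDirectoryRights
                    # Empty GUID = the right applies to the whole object; otherwise it is
                    # scoped to one property, property set or extended right.
                    ObjectType  = $ace.ObjectType
                    Inherited   = $ace.IsInherited
                }
            }
        }
}

# Whole-object grants (empty ObjectType) are the ones that become attack paths; show them first.
Find-BroadWriteAccess |
    Sort-Object { $_.ObjectType -eq [guid]::Empty } -Descending |
    Format-Table Object, Principal, Rights, ObjectType -AutoSize
```

Read the ObjectType column before calling anything a finding: a WriteProperty, Self or ExtendedRight ACE scoped to a specific GUID is often a schema default (for example the Change Password extended right on user objects), whereas GenericAll, GenericWrite, WriteDacl or WriteOwner for one of these principals on an object with an empty ObjectType is almost always a delegation mistake. Resolve unfamiliar GUIDs against the schema and the Extended-Rights container in the Configuration partition, and scan OU by OU in large domains rather than the whole domain at once.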
Security professional Mason Moser joins The PowerShell Podcast to share his journey from discovering PowerShell through Learn PowerShell in a Month of Lunches to building real-world automation tools in a security environment. Mason talks about how starting slowly, returning to PowerShell after a break, and consistently building small tools helped him gain confidence and deepen his skills. The conversation also explores the value of community involvement, overcoming imposter syndrome, presenting technical topics publicly, and practical workflows for security and scripting. Mason discusses using Git with AI-assisted coding, building internal PowerShell tools for teams, and how small daily automation tasks can steadily build long-term PowerShell expertise. Key Takeaways: • Start small and stay consistent — even simple scripts like cleaning up files or automating routine tasks build real PowerShell confidence over time. • Community involvement accelerates learning — asking thoughtful questions, sharing tools, and participating in discussions can dramatically improve your growth. • Git is essential when working with AI-generated code — committing changes frequently makes it easier to review, rollback, and understand modifications AI tools produce. Guest Bio: Mason Moser is a security professional based in Oklahoma who focuses on automation, governance, and risk within the electric utility industry. With a background in programming and security operations, Mason uses PowerShell to build internal tooling, streamline security workflows, and improve operational efficiency. He is an active participant in the PowerShell community and recently presented a PowerShell Wednesday session on Vim and keyboard-driven development workflows. 
Resource Links: Learn PowerShell in a Month of Lunches – https://www.manning.com/books/learn-powershell-in-a-month-of-lunches PDQ Discord – https://discord.gg/PDQ Connect with Andrew - https://andrewpla.tech/links PowerShell Wednesdays – https://www.youtube.com/@PDQ Vim Editor – https://www.vim.org The PowerShell Podcast on YouTube: https://youtu.be/7EtWrrblKMw
A living off the land attack is one of the sneakiest techniques in a ransomware operator's playbook — and in this episode, Dr. Mike Saylor breaks down exactly what it is, how it works, and what your organization can actually do about it. Instead of bringing their own tools into your environment (which might trip your alarms), attackers just use what's already there. PowerShell. WMI. RDP. The same tools your admins run every single day. To your monitoring systems, it looks completely normal. That's the whole point. Mike and Curtis cover why attackers prefer your tools over their own, how recon can quietly run for 30 to 90 days before the attack goes loud, and what defenders can actually do about it — removing admin privileges, system hardening, golden images, application whitelisting, and free tools like Nmap and Wireshark. There's also a match.com story involving organized crime and a wooden casket on someone's front porch that you really don't want to miss. 0:00 - Intro 1:21 - Welcome and Book Announcement 3:28 - What Is a Living Off the Land Attack? 5:38 - Real-World Example: Conti Ransomware and WMI 8:12 - Why Attackers Use Your Tools Instead of Their Own 13:05 - Admin Privileges: Best Practice vs. Reality 17:31 - The Louvre Heist Analogy 20:08 - Recon Phase: Low and Slow 24:16 - What Defenders Can Do 25:55 - RDP and Remote Access 29:48 - The Recon Timeline: 30-90 Days 30:48 - PowerShell and System Hardening 34:10 - Network Discovery Tools (Nmap and Wireshark) 37:37 - Application Whitelisting and Geo IP Blocking 42:08 - Action Items and Wrap-Up
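The "PowerShell and System Hardening" segment above makes the point that living off the land works because admin tooling leaves no trail; the first concrete step is to make PowerShell leave one. The following is an added example, not code from the episode or its guests: it writes the three PowerShell logging policies (script block logging, module logging, transcription) to the registry locations the corresponding Group Policy settings use, and reads them back so you can confirm nothing silently failed. The transcript directory C:\PSTranscripts is an assumed path; run it from an elevated prompt, and note that a domain GPO with different values will override whatever is set locally.

```powershell
# Added example: enable the PowerShell logging that exposes "living off the
# land" activity, then verify the policy values. Run from an elevated prompt.
# These are the same registry locations the PowerShell GPO settings write, so
# a later domain GPO with different values will override them.
$TranscriptDir = 'C:\PSTranscripts'   # assumed path; in production point at an append-only share

$Policies = [ordered]@{
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' = [ordered]@{
        EnableScriptBlockLogging = 1    # Event ID 4104 in Microsoft-Windows-PowerShell/Operational
    }
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging' = [ordered]@{
        EnableModuleLogging = 1         # Event ID 4103, pipeline execution details
    }
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames' = [ordered]@{
        '*' = '*'                       # log every module, not just a named few
    }
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription' = [ordered]@{
        EnableTranscripting    = 1
        EnableInvocationHeader = 1      # timestamp each command in the transcript
        OutputDirectory        = $TranscriptDir
    }
}

function Enable-PowerShellLogging {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($path in $Policies.Keys) {
        if (-not (Test-Path $path) -and $PSCmdlet.ShouldProcess($path, 'Create policy key')) {
            New-Item -Path $path -Force | Out-Null
        }
        foreach ($name in $Policies[$path].Keys) {
            $value = $Policies[$path][$name]
            if ($PSCmdlet.ShouldProcess("$path\$name", "Set to '$value'")) {
                # Integers are stored as REG_DWORD and strings as REG_SZ, which is what the policy expects
                New-ItemProperty -Path $path -Name $name -Value $value -Force | Out-Null
            }
        }
    }
    if (-not (Test-Path $TranscriptDir) -and $PSCmdlet.ShouldProcess($TranscriptDir, 'Create transcript directory')) {
        New-Item -Path $TranscriptDir -ItemType Directory | Out-Null
    }
}

function Test-PowerShellLogging {
    # Read every expected value back; a missing key or value shows up as Actual = $null
    foreach ($path in $Policies.Keys) {
        foreach ($name in $Policies[$path].Keys) {
            $expected = $Policies[$path][$name]
            $actual   = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
            [pscustomobject]@{
                Setting   = "$($path.Split('\')[-1])\$name"
                Expected  = $expected
                Actual    = $actual
                Compliant = ("$actual" -eq "$expected")
            }
        }
    }
}

Enable-PowerShellLogging -WhatIf   # drop -WhatIf to apply the settings
Test-PowerShellLogging | Format-Table -AutoSize
```

Script block logging is the setting that matters most for this episode's scenario: event 4104 records the de-obfuscated script text at execution time regardless of how PowerShell was launched, so a WMI- or RDP-driven session that runs encoded commands still shows up. Forward the Microsoft-Windows-PowerShell/Operational log off the host, because an attacker with admin rights can clear it locally, and treat the transcript directory the same way.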
Interview with Anna Pham Breaking in with ClickFix: Anatomy of a modern endpoint attack Cybersecurity company Huntress just published a report on a new ClickFix variant they've discovered, which they've dubbed CrashFix. This technique was developed by KongTuke to serve as the primary lure within a new custom malicious browser extension also created by the group. In short, the team observed the threat actors using KongTuke's malicious browser extension to display a fake security warning, claiming the browser had "stopped abnormally" and prompting users to run a "scan" to remediate the threats. Upon "running the scan," the user is presented with a fake "Security issues detected" alert and instructed to manually "fix" the issue by opening the Windows Run dialog, pasting from their clipboard, and pressing Enter. The malicious extension silently copies a PowerShell command to the clipboard, disguised as a legitimate repair command. Pressing Enter then runs the attacker's command under the user's own account. Segment Resources: BLOG - Dissecting CrashFix: KongTuke's New Toy Interview with David Zendzian Continuous compliance and real security lifecycle management Supply chain attacks are not just on the rise; attackers are learning from the past, making these attacks even more effective and dangerous than before. It was just over a month ago when the Shai-Hulud attack first impacted NPM packages, forcing enterprises around the world into lockdown. While only 187 packages were compromised in that initial incident, it served as a wake-up call for many: an accurate inventory of systems is good, but a clear, real-time Software Bill of Materials (SBOM) for applications is non-negotiable. In this world of manifest based infrastructure and container based applications with (real) "devsecops", the dream of continuous upgrades of OS/Runtime/Stack/App and App Dependencies is very mature and there are solid examples of companies and federal entities managing this at scale without thousands of teams and people. 
Segment Resources: BLOG - Supply Chain Security: How accurate SBOMs can deliver proactive threat mitigation Interview with Jacob Horne CMMC Phase 1 Enforcement — What the November 10 Deadline Means for the Defense Supply Chain With the upcoming CMMC Phase 1 enforcement on November 10, cybersecurity teams across the defense and federal supply chain are facing new compliance requirements that directly affect contract eligibility and data-protection standards. Jacob Horne, Chief Cybersecurity Evangelist at Summit 7, can break down what this milestone means for enterprise security leaders, MSPs/MSSPs, and contractors preparing for audits. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-449
Returning guest and Microsoft MVP Jim Tyler joins The PowerShell Podcast to talk Zero Trust security, K–12 IT leadership, open-source tooling, and building technology that serves real-world needs. Jim shares how he uses PowerShell to proactively harden school environments, including his Ghost module for endpoint lockdown and his Chrome extension You Shall Not Pass for classroom device management. Beyond security, the conversation dives into Jim's assistive technology project TapSpeak, a free AAC communication app designed to help nonverbal students speak without financial barriers. From community leadership and public service to certifications and content creation, this episode explores how technical skills can scale far beyond scripts—and into meaningful impact. Key Takeaways: • Zero Trust starts with proactive hardening – Tools like Jim's Ghost module help limit lateral movement, restrict protocols, and reduce attack surfaces before incidents occur. • Technical skills are force multipliers – From Chrome extensions to iOS apps, PowerShell knowledge and coding fundamentals translate into broader impact across platforms. • Community contribution compounds over time – Whether serving on public boards, mentoring, or publishing tools for free, consistent service builds trust, opportunity, and long-term influence. Guest Bio: Jim Tyler is an IT Director for Niles Community Schools in Michigan and a Microsoft MVP known for practical automation and security tooling in K–12 environments. He is the creator of the Ghost PowerShell security module, the You Shall Not Pass Chrome extension, and the free AAC communication project TapSpeak. Beyond IT, Jim serves in multiple public leadership roles, coaches youth sports, and actively contributes to the PowerShell community through his newsletter PowerShell News and technical content. 
Resource Links: • PowerShell News Newsletter – https://powershell.news • Jim Tyler on YouTube – https://www.youtube.com/@jimrtyler • Connect with Andrew - https://andrewpla.tech/links • Ghost PowerShell Module – https://github.com/jimrtyler/ghost • You Shall Not Pass Chrome Extension – https://chromewebstore.google.com/detail/you-shall-not-pass-by-jim/efggnkbeomjjanjmghbadggegjemogee • TapSpeak – https://tapspeak.org • PDQ Discord – https://discord.gg/PDQ The PowerShell Podcast on YouTube: https://youtu.be/0q3Y0mMjWF4
Everyone's chasing the next big model drop.
Long-time Microsoft MVP and consultant Richard Hicks joins The PowerShell Podcast to talk about ADCS security, PKI misconfigurations, and why PowerShell is a consultant's ultimate force multiplier. Richard shares real-world stories from auditing enterprise certificate environments, explains how simple template mistakes can lead to full domain compromise, and walks through tools like Locksmith that help administrators quickly identify dangerous configurations. The conversation also explores Richard's open-source PowerShell work, including his widely downloaded Get-UEFICertificate script for Secure Boot certificate expiration issues and his new ADPrincipalCertificate module for cleaning up unnecessary certificates published in Active Directory. Along the way, Richard reflects on career growth, publishing, consulting, and why sharing knowledge openly has been one of the biggest drivers of his long-term success. Key Takeaways: • ADCS is easy to deploy but difficult to secure — Misconfigured certificate templates, especially ESC1 scenarios, can allow instant privilege escalation and domain compromise. • PowerShell turns repetitive work into reusable tools — From UEFI certificate auditing to Active Directory cleanup, scripting creates consistency and prevents human error. • Sharing expertise compounds over time — Blogging, publishing modules, and speaking at conferences builds credibility, community, and long-term career momentum. Guest Bio: Richard Hicks is the founder and principal consultant of Richard M. Hicks Consulting, Inc. A Microsoft MVP with over 30 years of experience, he specializes in secure remote access and PKI, helping organizations deliver secure, high-performing access for today's mobile workforce. 
Resource Links: Richard Hicks Website – https://richardhicks.com Connect with Richard – https://richardhicks.com/connect Connect with Andrew: https://andrewpla.tech/links Get-UEFICertificate Script – https://www.powershellgallery.com/packages/Get-UEFICertificate ADPrincipalCertificate Module – https://www.powershellgallery.com/packages/ADPrincipalCertificate Locksmith ADCS Audit Tool – https://github.com/jakehildreth/Locksmith PDQ Discord – https://discord.gg/PDQ PowerShell Wednesdays – https://www.youtube.com/watch?v=Oa0GYX9_vj8&list=PL1mL90yFExsix-L0havb8SbZXoYRPol0B&pp=sAgC The PowerShell Podcast on YouTube: https://youtu.be/4HYCAjQS2W8
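Richard's point that an ESC1 template can turn a low-privileged enrollment into a domain compromise comes down to four attributes on the template object and one ACE. The script below is an added PowerShell example, not Locksmith's code or anything from the episode: it reads every template from the Configuration partition, keeps those where the enrollee supplies the subject name, an authentication EKU (or no EKU at all) is present, no manager approval or authorized signature is required, and a broad principal holds the Enroll or AutoEnroll right, then marks whether each such template is actually published on an enterprise CA. It assumes the RSAT ActiveDirectory module and read access to the Configuration partition; the list of principals treated as low-privileged is this example's assumption.

```powershell
# Added example (not Locksmith's code): flag certificate templates carrying the
# ESC1 combination. Needs the ActiveDirectory module and read access to the
# Configuration partition (any authenticated user has it by default).
Import-Module ActiveDirectory

$ConfigNC    = (Get-ADRootDSE).configurationNamingContext
$TemplateDN  = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$ConfigNC"
$CAContainer = "CN=Enrollment Services,CN=Public Key Services,CN=Services,$ConfigNC"

# Flag bits and OIDs from the ADCS schema
$CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x1   # msPKI-Certificate-Name-Flag
$CT_FLAG_PEND_ALL_REQUESTS         = 0x2   # msPKI-Enrollment-Flag: manager approval required
$AuthEKUs = @(
    '1.3.6.1.5.5.7.3.2',        # Client Authentication
    '1.3.6.1.4.1.311.20.2.2',   # Smart Card Logon
    '1.3.6.1.5.2.3.4',          # PKINIT Client Authentication
    '2.5.29.37.0'               # Any Purpose
)
$EnrollRight     = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'   # Certificate-Enrollment
$AutoEnrollRight = [guid]'a05b8cc2-17bc-11d2-91aa-00c04fbbf8a9'   # Certificate-AutoEnrollment
# Assumed definition of "low-privileged"; add any large custom groups you care about
$LowPrivPattern  = '\\(Domain Users|Domain Computers|Authenticated Users)$|^Everyone$'

# A template is only exploitable if some enterprise CA actually issues it
$Published = Get-ADObject -SearchBase $CAContainer -LDAPFilter '(objectClass=pKIEnrollmentService)' -Properties certificateTemplates |
    ForEach-Object { $_.certificateTemplates } | Sort-Object -Unique

function Find-ESC1Template {
    Get-ADObject -SearchBase $TemplateDN -LDAPFilter '(objectClass=pKICertificateTemplate)' `
        -Properties 'msPKI-Certificate-Name-Flag', 'msPKI-Enrollment-Flag', 'msPKI-RA-Signature', 'pKIExtendedKeyUsage', 'nTSecurityDescriptor' |
    ForEach-Object {
        $t = $_
        $suppliesSubject = ($t.'msPKI-Certificate-Name-Flag' -band $CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT) -ne 0
        $needsApproval   = ($t.'msPKI-Enrollment-Flag' -band $CT_FLAG_PEND_ALL_REQUESTS) -ne 0
        $needsSignature  = [int]$t.'msPKI-RA-Signature' -gt 0
        $ekus = @($t.pKIExtendedKeyUsage | Where-Object { $_ })
        # No EKU at all means the certificate is valid for any purpose, client auth included
        $authEku = ($ekus.Count -eq 0) -or [bool]($ekus | Where-Object { $_ -in $AuthEKUs })

        # Who can enroll: GenericAll, or the Enroll/AutoEnroll extended right (or all extended rights)
        $enrollers = foreach ($ace in $t.nTSecurityDescriptor.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $rights = $ace.ActiveDirectoryRights
            $full   = [int]($rights -band [System.DirectoryServices.ActiveDirectoryRights]::GenericAll) -ne 0
            $ext    = [int]($rights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -ne 0
            $scoped = $ace.ObjectType -in @($EnrollRight, $AutoEnrollRight, [guid]::Empty)
            if (($full -or ($ext -and $scoped)) -and $ace.IdentityReference.Value -match $LowPrivPattern) {
                $ace.IdentityReference.Value
            }
        }

        if ($suppliesSubject -and $authEku -and -not $needsApproval -and -not $needsSignature -and $enrollers) {
            [pscustomobject]@{
                Template  = $t.Name
                Published = ($t.Name -in $Published)
                Enrollers = (@($enrollers) | Sort-Object -Unique) -join ', '
                EKUs      = if ($ekus) { $ekus -join ', ' } else { '(none: any purpose)' }
            }
        }
    }
}

Find-ESC1Template | Sort-Object Published -Descending | Format-Table -AutoSize
```

Anything this returns with Published = True is the scenario Richard describes: a member of Domain Users can request a certificate naming any principal in the subject, including a domain admin, and authenticate with it. Fixing it means clearing the "supply in the request" flag or, where the template genuinely needs it, adding manager approval and restricting Enroll to the accounts that should have it; after the change, re-run the query rather than trusting the GUI, since the template ACL and the CA's published list are separate objects.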
In this episode of The PowerShell Podcast, Andrew Pla sits down with Pablo Correchel, an early-career IT professional who is publicly documenting his PowerShell and learning journey. Just one year into his first help desk role while studying cybersecurity, Pablo shares how consistent practice, sharing what you learn, and embracing beginner questions have accelerated his learning. The conversation explores escaping “tutorial hell,” using AI as a learning tool instead of a shortcut, understanding objects and the pipeline, and why putting yourself out there is one of the fastest ways to grow in tech. This episode is a reminder that you don't have to be an expert to contribute... You just have to start. Key Takeaways: • Learning in public accelerates growth – Sharing small wins and exercises builds confidence, invites mentorship, and creates unexpected opportunities. • Understand the fundamentals deeply – Concepts like objects, the pipeline, Get-Help, Get-Member, and Get-Command form the foundation for long-term PowerShell success. • Use AI strategically – Treat AI as a tutor that challenges you, not a script generator that robs you of learning. Guest Bio: Pablo Correchel is an IT support professional based in Florida and a cybersecurity student at St. Petersburg College. With interests spanning cybersecurity, coding, cloud, and Windows environments, Pablo represents the next generation of IT professionals building skills through curiosity, consistency, and community. Resource Links: • Pablo Correchel on LinkedIn – https://www.linkedin.com/in/pablocorrechel • Connect with Andrew - https://andrewpla.tech/links • PDQ Discord – https://discord.gg/PDQ • Learn PowerShell in a Month of Lunches – https://www.manning.com/series/learn-powershell-in-a-month-of-lunches • PowerShell Wednesdays – https://www.youtube.com/watch?v=YdV6Qecn9v0&list=PL1mL90yFExsix-L0havb8SbZXoYRPol0B • The PowerShell Podcast on YouTube – https://youtu.be/JXgEwLfvwkk
On this episode, I go into several stories related to criticism of European Commission regulations, various security related stories, upcoming enhancements for PowerShell and much more! Reference Links: https://www.rorymon.com/blog/criticisms-of-eu-regulations-increase-new-script-library-feature-for-defender-it-nightmare-story/
In this episode of The PowerShell Podcast, Andrew Pla is joined by Tara, a longtime IT professional who has officially started her PowerShell learning journey. Tara shares her honest experience transitioning from a GUI-first mindset to learning PowerShell fundamentals, including objects, verb-noun commands, variables, pipelines, and error messages. The conversation captures the real emotions of learning something new later in a career—confusion, frustration, breakthroughs, and growing confidence. The episode also explores learning strategies like daily practice, flashcards, typing commands instead of copying, and asking “beginner” questions without fear. Andrew and Tara emphasize the importance of community, mentorship, growth mindset, and psychological safety, encouraging listeners that learning PowerShell doesn't require perfection—just consistency, curiosity, and support. Key Takeaways: Learning PowerShell deepens your understanding of IT as a whole, not just scripting, especially through concepts like objects, properties, and methods. Consistency beats intensity — small daily practice, repetition, and typing commands manually build real confidence over time. Community changes everything — asking questions, sharing struggles, and learning publicly makes progress faster and far more enjoyable. Guest Bio: Tara Sinquefield is an experienced IT professional and PDQ team member who is publicly documenting her PowerShell learning journey. Known for her honesty, curiosity, and willingness to ask the questions others may be afraid to ask, Tara represents the many IT pros who are discovering PowerShell later in their careers. Her journey highlights how learning fundamentals can unlock deeper technical understanding, confidence, and new opportunities. 
She is also a host of PDQ Live every week Resource Links: PDQ Discord – https://discord.gg/PDQ Tara's LinkedIn - https://www.linkedin.com/in/tara-sinquefield-894a1a215/ Connect with Andrew - https://andrewpla.tech/links Tara Writes Her First Script: https://www.youtube.com/watch?v=Oa0GYX9_vj8 PowerShell Conference Europe – https://psconf.eu PowerShell + DevOps Global Summit – https://powershellsummit.org The PowerShell Podcast on YouTube: https://youtu.be/ZaPoS4mGW7s
Welcome to Episode 421 of the Microsoft Cloud IT Pro Podcast. In this episode Ben sits down for a conversation with Frank Lesniak, the lead of the Microsoft 365 team at West Monroe. In this episode, they dive into the intricacies of mergers and divestitures within Microsoft 365 environments. They discuss the initial due diligence phase, planning and approach, building and configuring new environments, and the final migration and cutover phase. Frank shares insights on common challenges such as integration of different licensing models, the handling of workstations and applications, and the importance of security assessments. The episode provides a detailed look at the methodology and tools used by Frank’s team to streamline these complex processes. Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options. Show Notes Frank Lesniak on LinkedIn West Monroe Frank Lesniak Github Microsoft 365 tenant-to-tenant migrations Microsoft 365 inter-tenant collaboration Tenant life cycle considerations in multitenant solutions Frank Lesniak Frank Lesniak is a Sr. Cybersecurity & Enterprise Technology Architect at West Monroe with nearly 20 years of experience leading consulting engagements involving Microsoft infrastructure technology. His expertise spans modern cloud systems like Azure, Microsoft 365, and Entra ID to classic platforms like Windows Server, Active Directory, and SQL Server. His recent focus has been on Microsoft platform cybersecurity and automating technical processes using PowerShell. In his role, Frank establishes technical project methodologies, leads teams, automates associated processes, and creates internal software products at West Monroe and in the open-source community. About the sponsors Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!
Microsoft MVP Harm Veenstra, creator of PowerShellIsFun.com, joins The PowerShell Podcast to talk about productivity, consistency, and why PowerShell really is fun. Harm shares how blogging regularly helped accelerate his learning, improve his workflow, and deepen his connection to the community. He also discusses his recent transition to macOS, how he uses PowerShell across Mac, Linux, and Windows, and why modern PowerShell is far more cross-platform than many people realize. The conversation dives into VS Code extensions, GitHub Codespaces, WSL, Nerdfonts, and practical terminal setups, along with honest thoughts on AI-generated scripts, learning the hard way, and why asking questions publicly is one of the fastest paths to growth. Key Takeaways: Consistency beats perfection – Having a repeatable workflow for writing, scripting, or learning makes long-term progress almost automatic. PowerShell is truly cross-platform – Running PowerShell on macOS, Linux, WSL, and containers unlocks powerful workflows beyond Windows-only thinking. Community accelerates everything – Asking questions, sharing small discoveries, and contributing publicly leads to faster learning, confidence, and career growth. Guest Bio: Harm Veenstra is a Microsoft MVP, consultant, blogger, and community contributor best known for PowerShellIsFun.com, where he publishes frequent, practical PowerShell content. He is an active participant in the PowerShell community and a regular conference attendee and speaker. 
Resource Links: PowerShell Is Fun – https://powershellisfun.com Connect with Andrew - https://andrewpla.tech/links Install Nerdfonts with PowerShell – https://powershellisfun.com/2026/01/30/install-nerdfonts-using-powershell/ GitHub Codespaces – https://github.com/features/codespaces PowerShell Conference Europe – https://psconf.eu PDQ Discord – https://discord.gg/PDQ Fred's Module Building PS Wednesday – https://www.youtube.com/watch?v=ZAjtbZktL8w The PowerShell Podcast on YouTube: https://youtu.be/V6kWnmrHOms
Recently retired PowerShell icon Don Jones joins The PowerShell Podcast for a wide-ranging conversation on career ownership, community leadership, and building a life that aligns with what you actually value. Don reflects on the difference between your job and your career, why investing in yourself pays off, and how asking better questions can change the way you influence decisions at work. The episode also dives into Don's journey as a fiction author, his role in shaping the PowerShell community and Summit culture, and why real success comes from clarity, kindness, and helping others win. Key Takeaways: • Your employer owns your job, but you own your career—define your destination and build the skills to get there. • Strong careers are built on outcomes, not tools—focus on saving time, reducing errors, and delivering measurable business value. • Community scales when you empower others—create space for people to contribute, own wins, and multiply the impact beyond yourself. Guest Bio: Don Jones is a foundational figure in the PowerShell community, known for his decades of teaching, writing, and advocacy for automation and professional growth. A former Microsoft MVP, Don co-authored the widely influential Learn PowerShell in a Month of Lunches series and helped shape community culture through conferences, mentorship, and leadership. Now retired from full-time work, Don continues writing and publishing fiction, bringing the same clarity and craft to storytelling that made his technical teaching so impactful. 
Resource Links: • Don Jones Website and Books – https://donjones.com Andrew's links: https://andrewpla.tech/links • PowerShell + DevOps Global Summit – https://powershellsummit.org • Tech Impact (nonprofit mentioned) – https://techimpact.org • PowerShell.org – https://powershell.org • PDQ Discord – https://discord.gg/PDQ • PowerShell Wednesdays – https://www.youtube.com/results?search_query=PowerShell+Wednesdays The PowerShell Podcast on YouTube: https://youtu.be/xKh8rqCqMQg
After two months of accumulated Qs, we felt we still had plenty of As to dispense, so we're wheeling back around to a supplemental questions episode this week, touching on such topics as generating negative mileage in an EV, what the iOS low battery mode actually does, tiny network racks for your desk, a shocking amount of discussion about shells like zsh, fish, PowerShell and Nushell, the whereabouts of Intel's successor to the Alder Lake-N... and, for that matter, why (nearly) everything at Intel is a Lake. The Voyager documentary It's Quieter in the Twilight: https://www.youtube.com/watch?v=RIP1p5gAoak Support the Pod! Contribute to the Tech Pod Patreon and get access to our booming Discord, a monthly bonus episode, your name in the credits, and other great benefits! You can support the show at: https://patreon.com/techpod
Today we are joined by Ben Folland, Security Operations Analyst from Huntress, discussing their work on "ClickFix Gets Creative: Malware Buried in Images." This analysis covers a ClickFix campaign that uses fake human verification checks and a realistic Windows Update screen to trick users into manually running malicious commands. The multi-stage attack chain leverages mshta.exe, PowerShell, and .NET loaders, ultimately delivering infostealers like LummaC2 and Rhadamanthys, with payloads hidden inside PNG images using steganography. While technically sophisticated, the campaign hinges on simple user interaction, underscoring the importance of user awareness and controls around command execution. The research can be found here: ClickFix Gets Creative: Malware Buried in Images Learn more about your ad choices. Visit megaphone.fm/adchoices
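Both ClickFix episodes on this page (the CrashFix segment above and this one) end at the same place: a user pastes a command into the Run dialog and PowerShell or mshta.exe does the rest. That leaves two artifacts a responder can check quickly. The script below is an added PowerShell example and not code from Huntress or either episode: it reads the Run dialog history (the RunMRU key) from every loaded user hive, and scans PowerShell script block events (Event ID 4104) from the last 72 hours. The regular expression is an assumption built from the techniques the episodes describe (PowerShell, mshta, hidden windows, encoded or downloaded payloads), not a signature from either report, and it will also hit benign admin scripts. Run it elevated so other users' hives are visible.

```powershell
# Added example: triage a host for ClickFix-style execution. It checks the Run
# dialog history (RunMRU) of every loaded user hive, since the lure has the
# victim paste into Win+R, and PowerShell script block logs (Event ID 4104),
# which only exist where script block logging is enabled. The pattern is an
# assumption built from the techniques described in the episodes above.
$SuspiciousPattern = '(?i)\b(powershell|pwsh|mshta|curl|certutil|bitsadmin|wscript|cscript)\b|-e(c|nc|ncodedcommand)?\b|-ep\b|executionpolicy|-w(indowstyle)?\s*h|\biex\b|invoke-expression|downloadstring|frombase64string|\.hta\b|https?://'

function Get-RunMruEntries {
    # HKCU only shows the current user; walk HKEY_USERS so every loaded hive is checked
    $hives = Get-ChildItem Registry::HKEY_USERS | Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }
    foreach ($hive in $hives) {
        $key = "Registry::HKEY_USERS\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        # MRUList holds the slot letters most-recent-first; each slot's data ends in "\1"
        foreach ($slot in ([string]$props.MRUList).ToCharArray()) {
            $name = [string]$slot
            $raw  = [string]$props.$name
            if (-not $raw) { continue }
            $cmd  = $raw -replace '\\1$', ''
            [pscustomobject]@{
                UserSid    = $hive.PSChildName
                Command    = $cmd
                Suspicious = [bool]($cmd -match $SuspiciousPattern)
            }
        }
    }
}

function Get-SuspiciousScriptBlock {
    param([int]$Hours = 72)
    $filter = @{
        LogName   = 'Microsoft-Windows-PowerShell/Operational'
        Id        = 4104
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    # Get-WinEvent throws when nothing matches; treat that as "no events" rather than an error
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $text = [string]$_.Properties[2].Value   # ScriptBlockText is the third property of a 4104 event
        if ($text -notmatch $SuspiciousPattern) { return }
        $flat = $text -replace '\s+', ' '
        [pscustomobject]@{
            Time   = $_.TimeCreated
            UserId = $_.UserId
            Script = $flat.Substring(0, [Math]::Min(200, $flat.Length))
        }
    }
}

Get-RunMruEntries | Where-Object Suspicious | Format-Table UserSid, Command -Wrap
Get-SuspiciousScriptBlock | Format-Table Time, UserId, Script -Wrap
```

RunMRU is written only when the command is launched from the Run dialog, so a variant that walks the user into a terminal instead leaves nothing there; for interactive PowerShell sessions the PSReadLine history file under the user's AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine directory is the equivalent artifact. The 4104 check works the other way round: it records the script text whatever launched PowerShell, including an mshta.exe stage, but only if script block logging was already on when the user pressed Enter.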