Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
mamot.fr is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mamot.fr est un serveur Mastodon francophone, géré par La Quadrature du Net.

Administered by:

Server stats:

3.5K
active users

mamot.fr: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.4

#powershell

41 posts38 participants2 posts today
Public
OTX Bot

Russian-Speaking Threat Actor Abuses Cloudflare & Telegram in Phishing Campaign

A Russian-speaking threat actor has launched a new phishing campaign using Cloudflare-branded pages themed around DMCA takedown notices. The attack abuses the ms-search protocol to deliver malicious LNK files disguised as PDFs. Once executed, the malware communicates with a Telegram bot to report the victim's IP address before connecting to Pyramid C2 servers. The campaign leverages Cloudflare Pages and Workers services to host phishing pages, and uses an open directory to store malicious files. The infection chain includes PowerShell and Python scripts, with incremental changes in tactics to evade detection. The actors' infrastructure spans multiple domains and IP addresses, primarily using Cloudflare's network.

Pulse ID: 67efc6ed5285702a3440969a
Pulse Link: otx.alienvault.com/pulse/67efc
Pulse Author: AlienVault
Created: 2025-04-04 11:47:57

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
#Cloud#CyberSecurity#ICS
Public
洪 民憙 (Hong Minhee)

셸 언어는 때로 추하길 요구 받는다

hackers.pub/@hongminhee/2025/s

Hackers' Pub · 셸 언어는 때로 추하길 요구 받는다명령줄 인터페이스(CLI)는 컴퓨터와 상호작용하는 가장 오래된 방식 중 하나다. 그리고 이 인터페이스를 지배하는 것은 셸 언어다. 그런데 흥미로운 점은 셸 언어가 일반적인 프로그래밍 언어들과는 상당히 다른 설계 철학을 따른다는 것이다. 한 마디로 요약하자면, 셸 언어는 때로 “추함”을 받아들여야 한다.간결함의 미학 Bash나 zsh와 같은 전통적인 셸을 보자. grep -r "error" /var/log | wc -l와 같은 명령은 암호처럼 보일 수 있지만, 타이핑하는 데 몇 초밖에 걸리지 않는다. 이러한 간결함은 우연히 생긴 것이 아니다. 셸 환경에서는 사용자가 빠르게 입력하고, 결과를 확인하고, 다시 명령을 수정하는 반복적인 워크플로우가 일반적이다. 여기서 핵심은 “대화형” 경험이다.PowerShell의 딜레마 PowerShell은 마이크로소프트가 셸의 개념을 재정의하려 한 야심찬 시도였다. 객체 지향적 파이프라인, 일관된 동사–명사 구문, 그리고 자세한 매개변수 이름 등은 모두 코드의 가독성과 유지보수성을 높이기 위한 설계였다. 그러나 다음 명령을 비교해보자: Bash:find . -name "*.log" -mtime -7 \ | xargs grep "error" \ | sort \ | uniq -c<PowerShell:Get-ChildItem -Path . -Filter *.log ` | Where-Object {$_.LastWriteTime -gt (Get-Date).AddDays(-7)} ` | ForEach-Object {Select-String -Path $_.FullName -Pattern "error"} ` | Sort-Object ` | Group-Object ` | Select-Object Name,Count<PowerShell의 명령은 더 명확하고 자기 설명적이지만, 대화형 셸에서 빠르게 실험하고 반복하기에는 너무 장황하다. PowerShell 설계자들은 “추함”을 견디지 못하고 너무 많은 “다림질”을 해버린 것이다.균형점 찾기 흥미롭게도 최근의 Nushell 같은 현대적인 셸은 이 교훈을 받아들이고 있다. 구조화된 데이터 처리와 같은 PowerShell의 장점을 가져오면서도, 대화형 사용에 필요한 간결함을 유지하려 노력한다. 셸 언어의 진정한 성공은 “아름다운 코드”와 “효율적인 상호작용” 사이의 균형에 달려 있다. 이는 때로 완벽한 문법이나 일관성보다는 실용적인 “추함”을 수용해야 함을 의미한다.결론 프로그래밍 언어의 세계에서는 우아함과 일관성이 미덕이다. 그러나 셸의 세계에서는 타이핑 효율성, 속도, 그리고 대화형 적합성이 우선시된다. 이것이 바로 셸 언어가 때로 “추함”을 요구받는 이유다. PowerShell의 제한적인 성공은 이 기본적인 진실을 간과한 데서 비롯된 것일지도 모른다. 그리고 어쩌면 이것은 소프트웨어 설계 전반에 걸친 더 깊은 교훈을 담고 있다: 모든 도구는 그 사용 맥락에 맞게 설계되어야 한다는 것이다. 셸 언어에서는 그 맥락이 바로 키보드와 사용자 사이의 빠른 대화다.
#shell#powershell#bash
Public
SP⟁CED GO⟁T

It's really aggravating me that you can run a single `Select-String` command in #PowerShell with a nifty regex and parse through hundreds of files to pull out all the data you want and even pipe it to `Select` and have a nicely formatted table of the output but there seems to be no simple way to show just the value of the match instead of the full string. So I'll either need to write a more complicated script I guess or post process in Excel maybe. Or, I'm still too dumb to use PowerShell well.

Public *
B'ad Samurai 🐐

Bingo! Lots of modern techniques were tapped in this Unit 42 Timely threat intel repo:

  • Adware affiliates on South African TLD .za, routing to a CrimeFlare TDS with short-lived URL params
  • After expiration, they appear as benign "blogs"
  • MSI files are different for each download
  • MSI files do not work outside the infection chain
  • MSI download pages are all .com and while odd they are readable word combinations.
  • Win+R ClickFix technique, but in this case they are loading curl which in PS5 is an alias of Invoke-WebRequest. This can be seen with gal -Definition Invoke-WebRequest wget is also an alias and were removed in v7.

github.com/PaloAltoNetworks/Un

#threatintel#infosec#blockthis
Public
SP⟁CED GO⟁T

I don't know #PowerShell very well. I found a blog post with a script that seemed to do what I was looking for and with a few small tweaks it's almost exactly what I need. But I have two things I'm wondering if anyone can point me in the right direction on.

1. I don't really undertand exactly what lines 4 and 5 are doing. I believe these are storing results in an object (array?). But I'm not sure exactly how this works or why there is Matches and then Values.

/1

Screenshot of a small powershell script: Get-ChildItem *.htm ` | Get-Content ` | Select-String -Pattern 'href="page:.*\/"' -AllMatches ` | % { $_.Matches } ` | % {$_.Value } ` | Sort-Object ` | Get-Unique ` | Out-File -FilePath "C:\temp\NavLinks.txt"
Public
Leanpub

Behind the PowerShell Pipeline: Discovering What You Didn't Know You Needed to Know leanpub.com/behind-the-pspipel by Jeff Hicks is the featured book on the Leanpub homepage! leanpub.com #PowerShell #books #ebooks JeffHicks@techhub.social

Learn the undocumented and unknown aspects of PowerShell from one of the original PowerShell experts that will help be a more effective PowerShell user and a better PowerShell toolmaker.

Find it on Leanpub!

Public
Christoffer S.

(trendmicro.com) A Deep Dive into Water Gamayun's Arsenal and Infrastructure trendmicro.com/en_us/research/

Executive Summary:
This research provides a comprehensive analysis of Water Gamayun (also known as EncryptHub and Larva-208), a suspected Russian threat actor exploiting the MSC EvilTwin zero-day vulnerability (CVE-2025-26633) in Microsoft Management Console. The threat actor employs sophisticated delivery methods including malicious provisioning packages, signed MSI files, and Windows MSC files to deploy multiple custom payloads. Their arsenal includes custom backdoors (SilentPrism and DarkWisp), multiple variants of the EncryptHub Stealer, and known malware like Stealc and Rhadamanthys. The research details the C&C infrastructure, data exfiltration techniques, and persistence mechanisms used by the group. Trend Micro researchers gained access to the C&C server components, enabling them to analyze the architecture, functionality, and evasion techniques employed by the threat actor.

Trend Micro · A Deep Dive into Water Gamayun's Arsenal and InfrastructureTrend Research discusses the delivery methods, custom payloads, and techniques used by Water Gamayun, the suspected Russian threat actor abusing a zero-day vulnerability in the Microsoft Management Console framework (CVE-2025-26633) to execute malicious code on infected machines.
#Cybersecurity#ThreatIntel#PowerShell
ExploreLive feeds
About