A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the 'Cosmali Loader'.

Abstract: As cyber attacks become more sophisticated, attackers increasingly employ living-off-the-land techniques to evade detection and exploit victim systems, with PowerShell emerging as a primary ...

Windows security updates tend to conjure thoughts of operating system vulnerabilities, including zero-days, being patched or even unexpected failures with serious consequences. This security update, ...

PS2EXE installs through the PowerShell Gallery, so you can set it up quickly. Open Windows Terminal or PowerShell as administrator. Run the module installation command: Install-Module -Name PS2EXE ...

A PowerShell script using WBAdmin can create full system backups of Windows 11, offering a simple, scriptable alternative for advanced users. Over the last couple of years, I have written a few blog ...

The AD ServiceAccount Manager is a powerful PowerShell script and tool designed to streamline the management of service accounts in an Active Directory environment. It simplifies the creation, ...

This script automates the setup of Java, Git, VSCode, Node.js, Maven, Gradle, etc., with the configuration of JAVA_HOME. June 22, 2025 update : It has been made GUI-based. Along with that, it has been ...

I'm currently trying to get a few Powershell scripts to run via Intune to Windows 11 Pro laptops. The Powershell scripts run fine when tested via local Powershell but Intune doesn't seem to do ...

Attackers are increasingly abusing sanctioned tools to subvert automated defenses. Tracking your Windows fleet’s PowerShell use — especially consultant workstations — can provide early indications of ...

Remcos RAT gets a stealthy upgrade as attackers ditch old office exploits for a fileless PowerShell loader that runs entirely in memory. Threat actors have been spotted using a PowerShell-based ...