PowerShell Front-End for Windows Debugger Engine: DbgShell

The main impetus for DbgShell is that it’s just waaaay too hard to automate anything in the debugger. There are facilities today to assist in automating the debugger, of course. But in my opinion they are not meeting people’s needs. Using the built-in scripting language is arcane, limited,...

Ikeext-Privesc - Windows IKEEXT DLL Hijacking Exploit Tool

This tool is intended for automatically detecting and exploiting the IKE and AuthIP IPsec Keyring Modules Service IKEEXT Missing DLL vulnerability. Description A major weakness is present in Windows Vista, 7, 8, Server 2008, Server 2008 R2 and Server 2012, which allows any authenticated user to...

After upgrading Windows on a PVS server, PowerShell snapins are no longer shown

After upgrading a PVS server from Windows Server 2008 R2 to Windows Server 2019, it was observed that none of the PVS PowerShell snapins were registered. Tools like the App Layering Agent that attempted to use those those PowerShell cmdlets failed, though they had worked before the upgrade...

Learning PowerShell: The basics

I bet I went about learning PowerShell the wrong way, so I may need your help, readers of this blog. If only to organize my knowledge and use it for the fight against malware and not just to figure out how it was used in malware. The first serious look I had at PowerShell was when I was trying to...

An update is available for System Center Advisor: May 2012

An update is available for System Center Advisor: May 2012 Summary Microsoft has released the on-premises client Update Rollup 1 for Microsoft System Center Advisor. This update is dated May 22, 2012. This article describes the following information about the update: The issues that the update...

Incident Response Suite: CimSweep

Incident Response Suite used to engage in offensive reconnaissance CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows. CimSweep may also be used to engage in offensive reconnaisance without...

[PoshSec Framework v0.2] Graphical Interface for Powershell scripts

The PoshSec Framework is a tool that is designed to provide a graphical interface for powershell scripts, functions, modules, and cmdlets. It allows the community to write scripts that can interact with the interface by providing alerts, and output directly from their powershell scripts. This...

Tips for DAG Exchange Backup and Replication in vSphere

vSphere Snapshot Improvements This article was initially written when vSphere 5 snapshot operations were known and expected to cause small amounts of I/O stun to a VM's guest OS. Improvements in the latter vSphere versions, including significant changes to snapshot operation methodology in vSpher...