I ran into this somewhere during this week. I wanted to have different PowerShell profiles for other applications. (I don't need all my functions and scripts being loaded in every PowerShell session or by a Scheduled Task) In this blog post, I will show you how to change your PowerShell profiles and make them specific for an application.
I was working on a user provisioning script for a customer, and he asked if I could copy all Shared Mailbox permissions of a template user to the new user. (It was something that was quickly forgotten during the user creation process.) Sure, because PowerShell. In this blog post, I will show you how to retrieve Full Access permissions and copy them (including Send As) to another user.
One thing I get asked often is where I can learn things about PowerShell. How do you keep up with the latest things? In this blog post, I will show you a few resources which I use to see what's new.
I ran into an issue where one of my Exchange scripts didn't work, "a parameter could not be found that matches the parameter..." Strange error because the parameter is there... Or is it? In this blog post, I will show you how Get-ManagementRole works in Exchange and how it can help you with issues like this.
I have a lot of Windows Services on my Windows 11 laptop, mainly from Microsoft itself or third-party, but Microsoft signed are safe(r). In this blog post, I will show you how you can scan your system for non-Microsoft signed Windows Services and create a report on those.
I used Microsoft Graph X-Ray as a tool for getting the PowerShell cmdlets needed for scripting specific actions in the Azure / Entra ID portal in the past. But you can also use it for Intune. In this blog post, I will show you how this works.
I'm so happy that this website passed the 250.000 views mark today! The first post was on April 21 of last year (2022), and the amount of views has been growing ever since! This blog post will tell you how and why I started the website.
We routinely remove inactive blogs and those which are no longer relevant to a given list. List is updated as we receive new blog submissions and re-ranked every few weeks. We also take direct feedback from users to make changes to the lists.
Feedspot has a team of over 25 experts whose goal is to discover and rank popular blogs, podcasts and YouTube channels in several niche categories. With millions of blogs on the web, finding influential bloggers in a niche industry is a hard problem to address. Our experience leads us to believe that a thoughtful combination of both algorithmic and human editing offers the best means of curation.
Mandiant is continuously investigating attacks that leverage PowerShell throughout all phases of the attack. A common issue we experience is a lack of available logging that adequately shows what actions the attacker performed using PowerShell. In those investigations, Mandiant routinely offers guidance on increasing PowerShell logging to provide investigators a detection mechanism for malicious activity and a historical record of how PowerShell was used on systems. This blog post details various PowerShell logging options and how they can help you obtain the visibility needed to better respond, investigate, and remediate attacks involving PowerShell.
As we increasingly depend on open-source projects and registries, the security risks associated with them become more prominent. It's crucial that flaws, like those highlighted in this blog, are addressed promptly. We urge all users to exercise caution when downloading modules/scripts from registries like the PowerShell Gallery.
In this episode of the PowerShell Podcast, we are joined by community member Christian Ritter. We talk about PSConfEU and the importance of community. Christian shares his blogging secrets and insights into his growth in PowerShell over the years. From using Microsoft Graph to teaching PowerShell at work, this episode has all that and more!
This blog is dedicated to using those cmdlets and helping to administer ProjectWise with the power and capabilities of PowerShell. I will be posting methods, scripts, functions, etc. which should make administering ProjectWise faster and easier.
November 8, 2022 update - Microsoft released security updates for CVE-2022-41040 and CVE-2022-41082. We recommend that customers protect their organizations by applying the updates immediately to affected systems. The options described in the Mitigations section are no longer recommended. For more information, review the Exchange Team blog.
Option 1: For customers who have the Exchange Emergency Mitigation Service (EEMS) enabled, Microsoft released the URL Rewrite mitigation for Exchange Server 2016 and Exchange Server 2019. The mitigation is enabled automatically and is updated to include the URL Rewrite rule improvements. Please see this blog post for more information on this service and how to check active mitigations.
So far, we have discovered that an authenticated user can access the Exchange PowerShell backend. We will now proceed to the second part of this blog post to discuss how this can be exploited for remote code execution.
If you are looking at scripts for Microsoft Teams from a blog (like this one) I would recommend checking them against MicrosoftTeamsPowerShell Module Microsoft Docs. This helps you learn more about the scripts but also lets you check the cmdlets (commands) you intend to use are still valid.
This blog series is designed to support those studying for the MS-700 exam to appreciate how to do many of the tasks in the course using PowerShell. As such I have divided it down into the course modules, which also help other trainers when they are delivering.
If you are following the Power BI blog on a regular basis, you probably have noticed the Power BI APIs and cmdlets announcement for administrators, which introduced a set of APIs and cmdlets to work with workspaces, dashboards, reports, datasets, and so forth in Power BI. But there is much more to this than could be covered in a brief announcement. For starters, the management cmdlets are not just for administrators; they are also for Power BI users and developers. This article takes a closer look to show you how to take advantage of these cmdlets provided your profile fits any of the following target groups:
You can find this Microsoft-backed GitHub repo at -powershell. If you are interested in helping build cmdlets for Power BI, check out Contribute Code to PowerShell Cmdlets for Power BI and come on board as a project member. Or simply report any issues you encounter at -powershell/issues. All help is greatly appreciated.
James is a consultant from the UK, specializing mainly in end-user computing, Active Directory and client-side monitoring. When not implementing projects for his company HTG, he can often be found blogging, writing technical articles and speaking at conferences and user groups.
Recently, the Zscaler ThreatLabz team saw the start of a campaign featuring a new multistage payload distribution technique for the well-known banking Trojan named Ursnif (aka Gozi aka Dreambot). The malware has been around for a long time and remains active leveraging new distribution techniques. In this blog, we will analyze one of the recent campaigns.
This blog will demonstrate how to download Empire, a PowerShell post-exploitation tool, in Kali Linux, create a script, make a connection back to your machine from the victim machine without Windows Defender blocking it, elevate privileges, and extract password hashes using Mimikatz. It is a versatile and useful tool that every penetration tester should have in their arsenal.
The combination of these techniques underscores the sophistication of modern cyber threats, emphasizing the need for robust cybersecurity measures, user education, and proactive defense strategies to safeguard against evolving attack vectors. CRIL will continue monitoring the new malware strains and phishing campaigns in the wild and update blogs with actionable intelligence to protect users from such notorious attacks.
There are several different articles available providing guidance for connecting to the various Microsoft Office 365 Online services via PowerShell. They range from examples like an older blog post written specifically for Lync Online to new, updated guidance from Microsoft on how to access multiple services in a single console. The older approaches utilized the original requirements of manually downloading and installing several different PowerShell modules via traditional Windows Installer packages which were created for connecting to services like Lync Online and Exchange Online. There even used to be a separate download required simply to authenticate into Office 365 first using the original Organizational ID (Org ID) online authentication model.
Microsoft currently recommends using the newer v2 module, but that does not currently include any of the cmdlets provided in the v1 module. So, it is not feasible to simply use only the newer Azure AD module when it does not also include all the older functionality. For many of the management tasks covered on this blog for services like Skype for Business it is still required to execute several MSOnline cmdlets, thus both the v1 and v2 would be leveraged. In fact, only the v1 module is really needed in most of the currently documented Skype for Business configuration and management processes as they all utilize the -Msol cmdlets, and not the newer -AzureAD cmdlets. If in the future some of that guidance is updated then make sure to leverage the appropriate modules.
The following can be inserted into a .ps1 file to create a basic batch process for connecting to all four services in succession. Because Modern Authentication does not allow token sharing between the various modules, the authentication prompts will still appear between each connection attempt. Some of the Connect cmdlets support providing the User Principal Name in-line while others do not. To attempt to incorporate these newer modules into custom scripts to further automate the process, take a look at these other blog articles.