Showing results for tags 'powershell'.

Found 5 results

  1. Microsoft warns of critical PowerShell 7 code execution vulnerability

     Microsoft warns of a critical .NET Core remote code execution vulnerability in PowerShell 7 caused by how text encoding is performed in .NET 5 and .NET Core.

     PowerShell provides a command-line shell, a framework, and a scripting language focused on automation for processing PowerShell cmdlets. It runs on all major platforms, including Windows, Linux, and macOS, and it allows working with structured data such as JSON, CSV, and XML, as well as REST APIs and object models.

     "Update as soon as possible"

     The company says no mitigation measures are available to block exploitation of the security flaw tracked as CVE-2021-26701. Customers are urged to install the updated PowerShell 7.0.6 and 7.1.3 versions as soon as possible to protect their systems from potential attacks.

     Microsoft's initial advisory also provides developers with guidance on updating their apps to remove this vulnerability. "The vulnerable package is System.Text.Encodings.Web. Upgrading your package and redeploying your app should be sufficient to address this vulnerability," Microsoft explained in April when the security flaw was patched.

     Any .NET 5, .NET Core, or .NET Framework-based app using a System.Text.Encodings.Web package version listed below is exposed to attacks.

     Package Name                 Vulnerable Versions   Secure Versions
     System.Text.Encodings.Web    4.0.0 - 4.5.0         4.5.1
     System.Text.Encodings.Web    4.6.0 - 4.7.1         4.7.2
     System.Text.Encodings.Web    5.0.0                 5.0.1

     While Visual Studio also contains the binaries for .NET, it is not vulnerable to this issue, according to Microsoft's security advisory. The update is offered to include the .NET files so that apps built using Visual Studio including .NET functionality will be protected from this security issue.

     "If you have questions, ask them in GitHub, where the Microsoft development team and the community of experts are closely monitoring for new issues and will provide answers as soon as possible," Microsoft added.

     Microsoft has also recently announced that it would be making it easier to update PowerShell on Windows 10 and Windows Server by releasing future updates through the Microsoft Update service.

     Update: Added a link to Microsoft's warning to install the updated versions ASAP.

  2. Microsoft will release future PowerShell updates via Windows Update

     Microsoft is making it easier to update PowerShell on Windows 10 and Windows Server devices by releasing future updates through the Microsoft Update service.

     PowerShell provides users with a command-line shell, a scripting language focused on automation, and a framework for processing PowerShell cmdlets. It runs on all major operating systems, including Windows, Linux, and macOS, and it allows working with structured data such as JSON, CSV, and XML, as well as object models and REST APIs.

     Microsoft has already started working on a PowerShell release that will upgrade 7.2 preview.5 and later to 7.2 preview.7 through Microsoft Update. Still, it will only be pushed after releasing an update on GitHub due to the significant changes to the update process and the additional validation required.

     "In the past, Windows users were notified in their console that a new version of PowerShell 7 is available, but they still had to hop over to our GitHub release page to download and install it, or rely on a separate package management tool like the Windows Package Manager, Chocolatey, or Scoop," said PowerShell Senior Software Engineer Travis Plunk.

     "But with Microsoft Update, you’ll get the latest PowerShell 7 updates directly in your traditional Windows Update (WU) management flow, whether that’s with Windows Update for Business, WSUS, SCCM, or the interactive WU dialog in Settings."

     How to upgrade PowerShell via Microsoft Update

     To update PowerShell via Microsoft Update, your computer needs to run Windows 10 RS3 (10.0.16299) or later together with PowerShell 7.2 (preview 5 or 6).

     You're also required to configure your device to receive updates for Microsoft products. You can enable the feature by going to Settings > Windows Update > Advanced options and toggling on "Receive updates for other Microsoft products when you update Windows."

     You also need to opt-in to use Microsoft Update for PowerShell 7 updates by running a script available here.

     Once the PowerShell team releases the PowerShell 7.2 preview.7 update, you will be able to upgrade through the standard Windows update process. To keep PowerShell up to date, you will need to go to Start > Settings > Update & Security > Windows Update and then click Check for updates.

     "With today’s announcement, you’ll soon be able to try this new update process for yourself on the latest PowerShell 7.2 previews," Plunk added.

     Microsoft provides more info on how to test new installs of PowerShell 7.2 preview and to report any issues you encounter in today's announcement.

  3. Microsoft announces PowerShell 7.1, you can now get it from Microsoft Store

     Microsoft just announced the general availability of PowerShell 7.1, the latest major update to PowerShell 7. The update includes several fixes and improvements over version 7.

     For PowerShell 7.1, we decided to build on the foundation established in PowerShell 7.0 with a strong focus on community issues, especially where we could make additive changes and quality-of-life improvements without introducing instability or breaking changes. As a platform with over 115 million sessions per month, we’re absolutely committed to ensuring that PowerShell remains a stable and performant platform, even after significant version upgrades like 7.1.

     PowerShell 7 is supported on the following operating systems.

       • Windows 7, 8.1, and 10
       • Windows Server 2008 R2, 2012, 2012 R2, 2016, and 2019
       • macOS 10.13+
       • Red Hat Enterprise Linux (RHEL) / CentOS 7+
       • Fedora 29+
       • Debian 9+
       • Ubuntu 16.04+
       • openSUSE 15+
       • Alpine Linux 3.8+
       • ARM32 and ARM64 flavors of Debian and Ubuntu
       • ARM64 Alpine Linux

     You can download the latest version of PowerShell from GitHub, or you can also download and install it from the Microsoft Store.

  4. The cyberspies have ramped up their efforts with refreshed hacking tools.

     A cyberespionage group believed to be from Russia is once again striking political targets, and this time, PowerShell scripts have been weaponized to increase the power of their attacks.

     Turla, also known as Snake or Uroburos, has been active since at least 2008. The advanced persistent threat (APT) group was previously linked to a backdoor implanted in Germany's Federal Foreign Office for the purposes of data exfiltration in 2017, alongside attacks against the US military, a defense contractor, and a variety of European government entities.

     The Russian hacking group is rarely quiet for long, and now, the APT has returned with a fresh wave of attacks against diplomatic entities in Eastern Europe.

     According to researchers from ESET, Turla has recently employed PowerShell scripts. The scripts allow "direct, in-memory loading and execution of malware executables and libraries," the team says, which can also help them circumvent discovery on victim machines when a malicious executable is dropped on to a disk.

     The use of PowerShell is not completely foreign to Turla. Last year, Kaspersky Labs said the APT was experimenting with PowerShell in-memory loads to bypass security protections, in the form of a customized open-source PoshSec-Mod system.

     Turla's loader was based on the legitimate PoshSec-Mod software, but in 2018, the custom code was considered flawed and would often crash due to bugs. ESET says that now, a year later, it seems most of the cracks in the system have been smoothed over. Turla has now improved its use of PowerShell and is using scripts to load an array of malware.

     However, the scripts in question are not considered simple droppers as they are able to "persist on the system as they regularly load into memory only the embedded executables," according to ESET.

     The PowerShell loader uses both a Windows Management Instrumentation (WMI) event subscription and alters the PowerShell profile (profile.ps1 file) to maintain persistence on an infected system. In total, two WMI event filters and two WMI event consumers are created, of which the consumers are simple command lines to load PowerShell into the Windows registry.

     When it comes to decrypting payloads stored in the registry, the 3DES algorithm is used. Once decrypted, a PowerShell reflective loader then comes into play.

     "The executable is hardcoded in the script and is loaded directly into the memory of a randomly chosen process that is already running on the system," the researchers say.

     However, the selection process is not completely random as some processes, including avp.exe, avpsus.exe, klnagent.exe and vapm.exe, are excluded. These processes specifically refer to legitimate Kaspersky anti-virus protection software, which may indicate exclusion to avoid detection.

     In some samples, ESET also found that Turla's PowerShell script had been modified to bypass the Antimalware Scan Interface (AMSI), a Windows feature which permits the OS to integrate with antivirus products. The script is also able to patch the AmsiScanBuffer process, which prevents the antivirus product from being able to perform any malware scans.

     The PowerShell loader is used to launch malware including a backdoor based on the RPC protocol which is able to exfiltrate data, facilitate the execution of commands, and support plugins for additional malware modules.

     "Many variants of this RPC backdoor are used in the wild," ESET says. "Among some of them, we have seen local proxies (using upnprpc as the endpoint and ncalrpc as the protocol sequence) and newer versions embedding PowerShellRunner to run scripts directly without using powershell.exe."

     A PowerShell backdoor is also available for download. Known as PowerStallion, the lightweight backdoor uses cloud storage -- such as Microsoft OneDrive -- as a form of command-and-control (C2) server. The researchers believe the backdoor is included as a recovery access tool for the major Turla backdoor.

     Earlier this month, the company discovered the existence of another major backdoor used by Turla. Dubbed LightNeuron, the malware has been specifically designed for Microsoft Exchange email servers and works as a mail transfer agent (MTA).

     ESET says that while the PowerShell scripts have been used against political targets in Eastern Europe, the cybersecurity firm believes "the same scripts are used more globally against many traditional Turla targets in Western Europe and the Middle East."

  5. Look up hard disk information with PowerShell

     Windows PowerShell is quite powerful when it comes to looking up hard disk information. While you may look up some information in Windows directly, e.g. in Disk Management, or by using third-party programs like Hard Disk Validator, Disk Checkup, or DiskBoss, using PowerShell is a quick and easy option as well.

     Hard disks are essential on Windows as they store operating system data and user data. The devices don't last forever, and a hard disk failure can easily lead to all sorts of issues including data loss if backups are not available (or corrupt).

     PowerShell comes with several commands that return information about connected internal and external storage devices. You may start a new PowerShell console by opening Start, typing Powershell, and selecting the item from the list of results. The commands don't require elevation to run.

     Option 1: Retrieve general information

     The command:

         get-wmiobject -class win32_logicaldisk

     Run the command get-wmiobject -class win32_logicaldisk to look up core information about each connected hard drive. The command returns drive letters and types, the overall size and free space in bytes, and the volume name.

     Drive type uses a numerical code:

       • 0 -- Unknown
       • 1 -- No Root directory
       • 2 -- Removable Disk
       • 3 -- Local Disk
       • 4 -- Network Drive
       • 5 -- Compact Disc
       • 6 -- Ram Disk

     You may use filters to display only select drive types, e.g. the following command displays network drives only:

         Get-WmiObject -Class Win32_logicaldisk -Filter "DriveType =4"

     Option 2: Retrieve hard drive properties

     The command:

         wmic diskdrive get

     The core command wmic diskdrive get needs to be followed by one or multiple properties. The following command returns names, model types, serial numbers, the overall size in bytes, and the status for all connected hard drives:

         wmic diskdrive get Name,Model,SerialNumber,Size,Status

     Other properties that you may retrieve include InstallDate, InterfaceType, FirmwareRevision, DefaultBlockSize, CompressionMethod, Capabilities, Availability, LastErrorCode, or PowerManagementCapabilities. Just add, replace, or remove any property from the command to create a custom one.

     Closing Words

     The PowerShell commands may be useful in certain situations. Apart from use in scripts, you may use them to quickly look up the status of all drives, look up serial numbers or error codes, or capabilities. Some users may prefer to use a program with a graphical interface like Crystal DiskInfo for that, and that is perfectly fine as well.

     Source: Look up hard disk information with PowerShell (gHacks - Martin Brinkmann)