PowerShell.fyi Blog

WDigest credential harvesting

WDigest, a legacy authentication protocol that is still in use on many corporate networks, presents opportunities for attackers to acquire passwords. Its abuse essentially nullifies…


Operation Soft Cell

Operation Soft Cell is a series of attack campaigns publicly reported to have been active as early as 2012. These campaigns have targeted telecommunication providers…


Zacinlo (Detrahere) rootkit

On June 18, 2018, Bleeping Computer reported how a Zacinlo rootkit was impacting Windows 10 machines. Upon investigation, Microsoft security researchers found a few spikes…


ALPC local privilege elevation

Executive summary: Microsoft has released security updates to address a vulnerability in Windows that can be used by a non-admin user to elevate privileges and obtain…


BadRabbit

Executive summary: Around 08:00 UTC on October 24, 2017, widespread reports of a new ransomware campaign began circulating on social media. The majority of affected users…
