Going live for #PowerShell Wednesday with Greg Martin at 2pm ET.
Today we are learning about text manipulation in PowerShell. Logs, configs, text of any kind.
Join us live or watch after-the-fact
XiebroC2 Identified in MS-SQL Server Attack Cases
A recent attack on a poorly managed MS-SQL server involved the use of XiebroC2, an open-source C2 framework similar to CobaltStrike. The attackers exploited vulnerable credentials, installed JuicyPotato for privilege escalation, and then deployed XiebroC2 using PowerShell. XiebroC2 supports various features including remote control, information collection, and defense evasion across multiple platforms. The malware collects system information and connects to a C&C server for command execution. To protect against such attacks, administrators are advised to use complex passwords, regularly update them, keep security software current, and implement firewalls to restrict external access to publicly accessible database servers.
Pulse ID: 68dcd9f8b0915d06d4e69057
Pulse Link: https://otx.alienvault.com/pulse/68dcd9f8b0915d06d4e69057
Pulse Author: AlienVault
Created: 2025-10-01 07:36:24
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CandC #CobaltStrike #CyberSecurity #InfoSec #MSSQL #Malware #OTX #OpenThreatExchange #Password #Passwords #PowerShell #RAT #RCE #SQL #Word #bot #AlienVault
Woah. I just ran into a weird issue with #PowerShell that took me a bit to work around.
I have a .NET DLL with some PowerShell Cmdlets that I want to load. The problem is that the profile.ps1
already loads a much newer version of the same DLL from another path.
This here
Remove-Module abc
Import-Module abc.dll
will not work!!! It will just load the newer version instead, even if I specify the full path to the other DLL.
What I ended up doing instead was this
powershell.exe -noprofile
Import-Module abc.dll
Maybe this is helpful for someone else.
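One way to check which copy of the DLL a session already holds before falling back to a clean process, as an added example that is not part of the original post. The function name Get-LoadedAssemblyConflict and the path C:\path\to\abc.dll are placeholders, and the sketch assumes both DLLs share the same assembly name.

```powershell
# Added example. Remove-Module drops the module from the session, but a .NET
# assembly that is already loaded stays in the process until the process exits.
function Get-LoadedAssemblyConflict {
    param([Parameter(Mandatory)][string]$DllPath)

    $full = (Resolve-Path -LiteralPath $DllPath).ProviderPath
    # Read the identity of the DLL on disk without loading it.
    $wanted = [System.Reflection.AssemblyName]::GetAssemblyName($full)

    # Report every assembly in this process that has the same simple name.
    [System.AppDomain]::CurrentDomain.GetAssemblies() |
        Where-Object { $_.GetName().Name -eq $wanted.Name } |
        ForEach-Object {
            [pscustomobject]@{
                Name          = $wanted.Name
                LoadedVersion = $_.GetName().Version
                LoadedFrom    = $_.Location
                WantedVersion = $wanted.Version
                WantedFrom    = $full
                SameFile      = ($_.Location -eq $full)
            }
        }
}

$dll = 'C:\path\to\abc.dll'   # placeholder path, replace with the DLL you intend to load

$conflict = Get-LoadedAssemblyConflict -DllPath $dll |
    Where-Object { -not $_.SameFile }

if ($conflict) {
    # Another copy is already in this process: show it, then load the
    # intended DLL in a fresh session that skips profile.ps1.
    $conflict | Format-List
    powershell.exe -NoProfile -NoExit -Command "Import-Module '$dll'"
} else {
    Import-Module $dll
}
```

After the import, `(Get-Module abc).Path` and the `LoadedFrom` column should both point at the DLL you meant to load.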