Pen Test Partners

ClickFix, CrashFix and the growing family of copy and paste attacks

TL;DR Introduction At the start of this year, I wrote a blog on how 2025 was the ‘year of the infostealer’, and it doesn’t ...
Bitdefender

Microsoft’s MSHTA Legacy Tool Still Powers Malware Campaigns on Windows

Bitdefender security researchers have discovered that attackers continue to exploit Microsoft HTML Application Host (MSHTA), a legacy utility available by default on Windows systems that can execute ...
note

Feature to select specific multiple files in a folder, retrieve their paths and filenames, and include them in a report [PowerShell]

When I finish a task at work and report it to my boss or colleagues, I use Teams chat, and I need to include the file storage location and filename in those messages. While I can reuse report ...
note

AI Starts Running Just by Turning on Your PC — How to Build a watchdog + Cloudflare Tunnel Auto-Start Infrastructure

It is a waste of time to manually launch services every time you restart your PC. "Open the terminal, run the script, start the tunnel, copy the URL, open LINE Developers..." If you do this every ...
GitHub

powershell_fileless_script_contains_base64_encoded_content.yml

description: The following analytic detects the execution of PowerShell scripts containing Base64 encoded content, specifically identifying the use of `FromBase64String`. It leverages PowerShell ...
GitHub

allow_inbound_traffic_in_firewall_rule.yml

description: The following analytic detects a suspicious PowerShell command that allows inbound traffic to a specific local port within the public profile. It leverages PowerShell script block logging ...