WinRM Archives

Winsage

October 20, 2025

5 PowerShell tricks that beat Bash on Windows

Bash is the preferred shell for many developers in Linux environments due to its robust capabilities and flexibility. PowerShell is gaining popularity on Windows for its modern functionalities, user-friendly interface, and integration with the operating system. PowerShell handles output as objects, allowing for easier data manipulation compared to Bash, which outputs plain text. PowerShell can interact with system-level components like the registry and services, enabling tasks such as querying startup applications or managing services directly. It features cmdlets that follow a Verb-Noun syntax, making commands intuitive and reusable, and supports modules for enhanced functionality. PowerShell also excels in file management and offers remoting capabilities, allowing command execution on remote machines without third-party tools. Overall, PowerShell provides better scripting and ease of use for Windows users compared to Bash.

Winsage

October 20, 2025

Windows 10 KB5066791 last update without ESU, direct download links (.msu)

Windows 10 KB5066791 is the final update for users not opting for Extended Security Updates (ESU). It addresses several bugs, primarily benefiting enterprise users, while providing minimal enhancements for consumers. The update is distributed via Windows Update, with direct download links available for manual installation. Upon installation, users may not notice visible changes, and it appears as “2025-10 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5066791).” Windows 10 Build 19045.6456 does not introduce significant new features but fixes issues, including a correction for the Chinese Input Method Editor (IME) and a bug affecting Windows Remote Management. A new servicing stack update has been introduced, and the legacy driver tmdm64.sys has been removed. Security has been enhanced with a requirement for Key Storage Provider (KSP) smart card certificates, which may cause issues with smart cards in older 32-bit applications. Microsoft has confirmed that KB5066791 can lead to smart card failures, particularly in older programs, and has provided registry modification steps for users to potentially resolve this issue. The first security update for users opting for Windows 10 ESU is scheduled for November 11, 2025. Users can enroll through the Windows Update page or purchase a paid option through the Windows Store for .99, extending updates until October 13, 2026.

AppWizard

May 11, 2025

Scrutinizing the security of messaging apps continues.

Customs and Border Protection (CBP) and the White House are facing scrutiny over security vulnerabilities in their messaging application. Hacktivists breached GlobalX, the airline handling U.S. deportation flights, exposing sensitive flight manifests. The FBI warned about threats exploiting outdated routers. Pearson confirmed a cyberattack compromising customer data. Research shows cybercriminals are using Windows Remote Management (WinRM) for lateral movements in Active Directory environments. A new email attack campaign is delivering a Remote Access Trojan (RAT) via malicious PDF invoices. A zero-day vulnerability in SAP NetWeaver allows remote code execution, affecting multiple sectors. An Indiana health system reported a data breach affecting nearly 263,000 individuals.

Winsage

May 10, 2025

Hackers Using Windows Remote Management to Stealthily Navigate Active Directory Network

Threat actors are exploiting Windows Remote Management (WinRM) to navigate through Active Directory environments stealthily, allowing them to bypass detection systems, escalate privileges, and deploy malicious payloads. WinRM operates on HTTP port 5985 and HTTPS port 5986, enabling remote command execution and management tasks. Attackers can gain access through compromised credentials and use WinRM-enabled PowerShell commands for reconnaissance, deploying payloads while evading detection. The attack chain includes initial access, reconnaissance, payload deployment, persistence, and lateral movement, often utilizing techniques that obfuscate malicious activities. Detecting such attacks is challenging due to the use of built-in Windows functionalities and encrypted channels. Recommended mitigation strategies include monitoring for unusual activity, restricting WinRM access, enforcing credential hygiene, and implementing advanced monitoring solutions.