Lee Holmes
@leeholmes.com
Partner Security Architect, Azure Security. PowerShell developer, fanatical hobbyist, and author of the PowerShell Cookbook.
Was in a discussion with somebody once about their horse, and the conversation included the phrase, "and before you know it, you're in it for a million bucks."
October 10, 2025 at 12:11 AM
Was in a discussion with somebody once about their horse, and the conversation included the phrase, "and before you know it, you're in it for a million bucks."
Tower: "Caution, wake turbulence"
September 24, 2025 at 7:45 PM
Tower: "Caution, wake turbulence"
On close final to a runway, especially at night, is one of the universe's most beautiful views
September 12, 2025 at 4:23 PM
On close final to a runway, especially at night, is one of the universe's most beautiful views
I also haven't seen anybody poking into the new method invocation logging (vs raw 4304 script text) in Open Source PowerShell from a defensive side of things - github.com/PowerShell/P...
Add AMSI method invocation logging as experimental feature by PaulHigin · Pull Request #16496 · PowerShell/PowerShell
PR Summary
This PR adds a new experimental feature that adds new AMSI logging of .NET method invocations.
PR Context
This uses a new AMSI notification API to log .NET method invocations.
PR Checkli...
github.com
September 8, 2025 at 3:39 PM
I also haven't seen anybody poking into the new method invocation logging (vs raw 4304 script text) in Open Source PowerShell from a defensive side of things - github.com/PowerShell/P...
That looks cool. Are these recorded? It would be cool to see if the Revoke-Obfuscation work (based on PowerShell's AST) is any help. github.com/danielbohann...
GitHub - danielbohannon/Revoke-Obfuscation: PowerShell Obfuscation Detection Framework
PowerShell Obfuscation Detection Framework. Contribute to danielbohannon/Revoke-Obfuscation development by creating an account on GitHub.
github.com
September 8, 2025 at 3:27 PM
That looks cool. Are these recorded? It would be cool to see if the Revoke-Obfuscation work (based on PowerShell's AST) is any help. github.com/danielbohann...