Lee HolmesVerified account

@Lee_Holmes

Lead Security Architect for Azure Management, Azure Stack. PowerShell developer, fanatical hobbyist, and author of the Windows PowerShell Cookbook

Seattle, WA
leeholmes.com/blog
Joined February 2009
242 Photos and videos Photos and videos

Tweets

You blocked @Lee_Holmes

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @Lee_Holmes

  1. Pinned Tweet
    Oct 23

    Defending Against PowerShell Attacks: Building the ultimate attacker honeypot.

    2 replies 237 retweets 352 likes
  2. Retweeted
    23 hours ago

    How sure are you that "(Verified) Microsoft Windows" refers to a program that actually originates from Microsoft? Code Signing Certificate Cloning Attacks and Defenses

    2 replies 194 retweets 330 likes
  3. Retweeted
    Dec 20

    The wait is over! Registration for 2018 is now open. Places are limited so register today!

    32 retweets 47 likes
  4. Dec 19

    Blogged: Part-of-Speech tagging with PowerShell, based on the Stanford Part of Speech Tagger -

    33 retweets 70 likes
  5. Retweeted
    Dec 18

    My book's finally here, just in time for Xmas. Thanks to and for all their time and effort as well as my friend for doing the forward. Hope anyone who's bought it are seeing final copies arriving. And it's a dog on the cover BTW 🙂

    64 replies 263 retweets 1,023 likes
  6. Retweeted
    Dec 16

    Facebook Memories just reminded me of this 6 year old gem. Turn your sound on and run this cmd. Thx ! iex (New-Object Net.WebClient).DownloadString(“”)

    1 reply 6 retweets 8 likes
  7. Dec 11

    What's worse: every major operating system includes keyloggers by default. All attackers need to do is call the right command-and-control hooks to enable them!

    HP ‘Accidentally’ Left Another Keylogger On Over 460 Laptop Models That Could Help Hackers Steal Your Sensitive Data. TIP—Install Patches.
    2 replies 24 retweets 26 likes
  8. Retweeted
    Dec 11

    Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI:

    22 replies 572 retweets 1,066 likes
    Show this thread
    Show this thread
  9. Retweeted
    Dec 11

    I'm excited to be speaking about security at 2018 ()! Really looking forward to sharing how I use PowerShell & DevOps practices to drive detection research & development at /.

    1 reply 11 retweets 46 likes
  10. Dec 8

    Since I've seen this retweeted, check your BS filter :) At 0.67 hashes per day when done manually, this gives you $0.000000000000007 for a year of effort.

    Some prisoners in Guatamala's Pavón Prison have turned to mining bitcoin by hand for extra spending money
    1 reply 2 retweets 7 likes
  11. Dec 8

    Twitter, meet recursion :)

    3 replies 11 likes
  12. Retweeted
    Dec 7

    We analyze script-block logs on a SHIT ton of hosts and 99.99 % of malicious powershell scripts stand out like the lady in red from the Matrix. You just need to look.* *Yes, look for downgrade attacks, too. They are also noisy.

    I will publish my oneliner on my github to retrieve passwords from the Windows 2016 memory as soon as possible!
    13 retweets 42 likes
  13. Dec 7

    It's time to have a "Python OMFG" discussion. Attackers are using Python to completely roll networks, and you have no visibility. PEP 551 from can change that.

    1 reply 18 retweets 71 likes
  14. Dec 7

    My favourite financial thinker, posted about his experiences in the dot com boom / bust here:

    1 reply 7 likes
    Show this thread
    Show this thread
  15. Dec 7

    When the tech bubble burst in the early 2000s, I watched friends part-way through University cry as their tuition savings evaporated. For 18 months before that, they felt like gods.

    2 replies 3 retweets 12 likes
    Show this thread
    Show this thread
  16. Dec 7

    For all these tweets you see bragging about BTC and ETH hauls, remember one thing: everybody looks like a genius in a bull market. You're not going to see people brag when they lose their house, but that will happen too.

    6 replies 21 retweets 83 likes
    Show this thread
    Show this thread
  17. Dec 7

    Starting in 15 minutes!

    Join the AMA on Azure Stack, starting December 7:
    3 retweets 1 like
  18. Dec 6

    TFW you learn about the Baader-Meinhof phenomenon and start noticing it EVERYWHERE.

    6 replies 7 retweets 15 likes
  19. Dec 6

    Looking for a PowerShell Stocking Stuffer or Swag? Here you go - only $13!

    4 replies 13 retweets 36 likes
  20. Retweeted
    Dec 6

    It took AlphaZero 4 hours of playing against itself to become probably the strongest chess-playing entity of all time! Welcome to the future:

    8 replies 109 retweets 119 likes
  21. Dec 5

    TimeSketch from and looks like it could be a Maltego killer for DFIR / incident response:

    3 replies 50 retweets 101 likes

@Lee_Holmes hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·