Lee Holmes's Avatar

Lee Holmes

@leeholmes.com.bsky.social

Partner Security Architect, Azure Security. PowerShell developer, fanatical hobbyist, and author of the PowerShell Cookbook.

43 Followers  |  99 Following  |  10 Posts  |  Joined: 07.09.2025  |  1.5448

Latest posts by leeholmes.com on Bluesky

Was in a discussion with somebody once about their horse, and the conversation included the phrase, "and before you know it, you're in it for a million bucks."

10.10.2025 00:11 โ€” ๐Ÿ‘ 0    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

Tower: "Caution, wake turbulence"

24.09.2025 19:45 โ€” ๐Ÿ‘ 2    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
IShowSpeed about to approach a crowd of fans

IShowSpeed about to approach a crowd of fans

Had a huge YouTuber (IShowSpeed, 44M subs) come to a place I was at last night. It was madness. Dozens (200?) of kids and teens swarming, screaming his name, and calling his cliches out to him.

He seemed like a nice enough guy, and his security mostly kept the mob from interrupting the rest of us.

24.09.2025 15:38 โ€” ๐Ÿ‘ 1    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

On close final to a runway, especially at night, is one of the universe's most beautiful views

12.09.2025 16:23 โ€” ๐Ÿ‘ 1    ๐Ÿ” 0    ๐Ÿ’ฌ 1    ๐Ÿ“Œ 0
The following console contetn: [Console]::(-join (294,291,312,293,308,317,312,319,308 | % { [char] ($_ -bxor 337) }))("Hello World") With a debug message showing what is being sent to AMSI: === Amsi notification report content === <System.Console>.WriteLine(<Hello World>) === Amsi notification report success: True ===

The following console contetn: [Console]::(-join (294,291,312,293,308,317,312,319,308 | % { [char] ($_ -bxor 337) }))("Hello World") With a debug message showing what is being sent to AMSI: === Amsi notification report content === <System.Console>.WriteLine(<Hello World>) === Amsi notification report success: True ===

Have you seen how PowerShell Core now sends de-obfuscated .NET API calls to the AMSI stream?

10.09.2025 17:55 โ€” ๐Ÿ‘ 2    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Statique: Simple Self-Hosted Comments for Static Websites When hosting a static website or blog, you ultimately have to tackle the question: โ€œWhat about the comments?

One of the little pet projects I'm proudest of - extremely simple comment system for static sites: www.leeholmes.com/statique-sim...

09.09.2025 23:46 โ€” ๐Ÿ‘ 1    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Construction workers ashphalting a road.

Construction workers ashphalting a road.

I could watch stuff like this all day. The world needs more fixers.

08.09.2025 17:14 โ€” ๐Ÿ‘ 0    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Preview
Add AMSI method invocation logging as experimental feature by PaulHigin ยท Pull Request #16496 ยท PowerShell/PowerShell PR Summary This PR adds a new experimental feature that adds new AMSI logging of .NET method invocations. PR Context This uses a new AMSI notification API to log .NET method invocations. PR Checkli...

I also haven't seen anybody poking into the new method invocation logging (vs raw 4304 script text) in Open Source PowerShell from a defensive side of things - github.com/PowerShell/P...

08.09.2025 15:39 โ€” ๐Ÿ‘ 2    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Preview
GitHub - danielbohannon/Revoke-Obfuscation: PowerShell Obfuscation Detection Framework PowerShell Obfuscation Detection Framework. Contribute to danielbohannon/Revoke-Obfuscation development by creating an account on GitHub.

That looks cool. Are these recorded? It would be cool to see if the Revoke-Obfuscation work (based on PowerShell's AST) is any help. github.com/danielbohann...

08.09.2025 15:27 โ€” ๐Ÿ‘ 1    ๐Ÿ” 0    ๐Ÿ’ฌ 1    ๐Ÿ“Œ 0
A line of dump trucks, full, nose-to-tail, parked on the side of the street protecting a park.

A line of dump trucks, full, nose-to-tail, parked on the side of the street protecting a park.

Smart way for Chicago to protect the crowds at this weekend's Taste of Chicago festival from the monsters that try to mow them down.

08.09.2025 14:39 โ€” ๐Ÿ‘ 2    ๐Ÿ” 1    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

@leeholmes.com is following 20 prominent accounts