Cookie Monster has entered the Teams chat with Miriam Wiesner
Aired June 8, 2026 | 42 min
Recorded live at PSConfEU 2026, Andrew sits down with returning guest Miriam Wiesner, senior security researcher at Microsoft, for a wide-ranging conversation on PowerShell security, cookie-based attacks, and the evolving threat landscape. Miriam walks through her two conference talks — one on Microsoft Teams session cookie hijacking (a follow-up to her 2025 Entra ID cookie talk, complete with Cookie Monster branding and actual handcuffs), and a joint session with Stéphane van Gulick on using Microsoft Defender's Live Response feature for incident investigation. The conversation also covers the current state of PowerShell security, why sophisticated attackers are moving away from PowerShell, and why defenders who haven't enabled script block logging and AMSI are leaving easy wins on the table. On top of the technical deep dive, Miriam and Andrew get into the human side of the conference community — nerves before presenting, imposter syndrome, and why showing up is already half the battle.
Meet our guest
Miriam Wiesner is a senior security research program manager at Microsoft with over 15 years of experience in IT security, penetration testing, and security automation. She works on research behind Microsoft Defender and Sentinel and is the creator of widely used open-source PowerShell security tools EventList and JEAnalyzer. Miriam is a sought-after speaker at major security and PowerShell conferences including Black Hat, PSConfEU, and MITRE ATT&CK Workshops. She's also the author of "PowerShell Automation and Scripting for Cybersecurity," published by Packt. Her conference speaker career started at PSConfEU 2018, and she's been a fixture of the community ever since.
