Discover YossiSassi/Get-PSTranscriptReport Open Source project

Stars
3
Rank 3,963,521 (Top 79 %)
Language
PowerShell
Created about 1 month ago
Updated about 1 month ago

YossiSassi

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

PowerShell Transcripts Analysis & Reporting - analyzes PSTranscriptions folder content, provides insights and some hunting guidance

Get-UserSession

Query user sessions for the entire domain (Interactive/RDP etc), allowing you to query a Username and see all their logged on sessions, whether Active or Disconnected

PowerShell

hAcKtive-Directory-Forensics

Get-NetSessionEnum

Automate Network sessions enumeration of connected users in the domain, to facilitate AD Reconnaissance for Adversary simulation & Red Teams

PowerShell

SEC-T_21-One-Liners-Powershell

Code & other materials from SEC-T 2022 talk "When SysAdmin & Hacker Unite: 21 One-Liners to make you convert from bash to Powershell"

PowerShell

Get-LDAPperformance

Collects LDAP Query Performance Events and analyzes them to CSV & Grid. Helps in identifying large or unusual LDAP queries, either for Threat Hunting or IT optimization

PowerShell

Get-RemotePSSession

Query PS Sessions (wsman) for their connected users, IPs & hosts, locally & remotely

PowerShell

AD-Replication-Metadata

Track past changes in your AD accounts (users & computers), even if no event logs exist - e.g. not collected, no retention/overwritten, wiped (e.g. during an Incident Response) etc. Uses Replication metadata history parsing

PowerShell

Get-LoggedOnUser

Gets currently logged-on users on domain computers, to see if they are local admins or not.

PowerShell

Get-DomainNLAStatus

Checks for domain-wide computers Network Level Authentication settings in light of RDP Vulns, e.g BlueKeep, DejaBlue

PowerShell

Get-ADGroupChanges

"Pure" powershell command (no dependencies, no special permissions etc') to retrieve change history in an AD group membership. relies on object metadata rather than event logs. useful for DF/IR, tracking changes in groups etc'.

PowerShell

PowerShell-Hacking-BSidesTLV

Code from my talk @ BSidesTLV 2019 on PowerShell as a Hacking Tool

PowerShell

Misc_Tools

Things that make you go hmm... scripts for fun(ctionality)

PowerShell

ZeroLogon-Exploitation-Check

quick'n'dirty automated checks for potential exploitation of CVE-2020-1472 (aka ZeroLogon), using leading artifects in determining an actual exploitation of CVE-2020-1472. requires admin access to the DCs

PowerShell

PowerShell-Performance-Optimization

from my talk @ Microsoft regarding various tips & best practices on PowerShell/.net Optimization for Performance

PowerShell

Get-ChangesInADUser

Checks for changes in AD users. Useful in finding who|when changed what property of an AD user. Requires 'Event Log Readers' or equivalent. No additional modules required.

PowerShell

GoldFinger-Suspicious_TGT_Hunter

GoldFinger - Suspicious TGT detection - collects | analyzes | hunts for potential Golden Tickets & Pass-The-Hash

PowerShell

Get-ADUserAddedToGroup

simple script to check when a user was added to a group (entry level forensics)

PowerShell

WeakCipherUsage

PowerShell

SecurityWeekly_Cover-Tracks-Evade-Detection

Code from the Security Weekly session on Covering Tracks & Evading Detection

PowerShell

TimeLineGenerator

AD account timeline generator - parse DC security logs for activity timeline

PowerShell

Get-ADPrincipalKerberosTokenGroup

a powershell implementation of PAC enum (similar to getpac.py). does not require privileges. can enum Effective Token (Kerberos group SIDs) for any user

PowerShell

Invoke-AdminSDHolderPermissionCheck

Analyzes AdminSDHolder permissions & compares with a previous run, to detect potential backdoor/excessive persistent permission(s)

PowerShell

Get-DCShadowNTDSdsa

detecting DCShadow in retrospect from relevant DC demotion/ntdsDSA deletion

PowerShell

YossiSassi/Get-PSTranscriptReport

YossiSassi

Reviews

Repository Details

More Repositories