lost in cyber space

Common Ports IANA port assignments

Kerberos Authentication Explained (varonis.com) PowerPoint Presentation (redsiege.com)

echo 'YWRtaW5pc3RyYXRvckAzNjI5LmxvY2FsOmFkbWluMjUzNjU0Nw==' | base64 -d >password cat password

wsl --install Anschliessend Ubuntu für WSL installieren: WSL | Ubuntu Sollte der Store gesperrt sein kann das Paket manuel heruntergeladen werden: Microsoft Store - Generation Project (v1.2.3) [by @rgadguard & mkuba50] (rg-adguard.net)

Add-WindowsCapability –online –Name “Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0” Server 2022 Get-WindowsFeature | Where-Object {$_.Name -like "RSAT*"} | Install-WindowsFeature get-WindowsFeature | Where-Object {$_.Name -like "RSAT-AD-Tools"} | Install-WindowsFeature

 #Alle Patches auflisten Get-WmiObject -query 'select * from win32_quickfixengineering' | foreach {$_.hotfixid}  #Nur "Security Update" auflisten Get-Hotfix -description "Security update" #Ist ein spezifischer Patch auf Computer in der angegebenen Liste installiert $A = Get-Content -Path C:\Temp\input.txt $A | ForEach-Object { if (!(Get-HotFix -Id KB5008207 -ComputerName $_))          { Add-Content $_ -Path ./Missing-KB5008207.txt }} 

$filter = @ {     LogName       = 'System'     ProviderName = 'Microsoft-Windows-Winlogon'     StartTime     = ( Get-Date ). AddDays ( -7 ) } $logs = Get-WinEvent - FilterHashtable $filter $res = @ () ForEach ( $log in $logs ) {     if ( $log . Id -eq 7001 ) { $type = "Logon" }     elseif ( $log . Id -eq 7002 ) { $type = "Logoff" }     else { Continue }     # Check if Properties[1] exists before accessing     if ( $log . Properties . Count -gt 1 ) {         try {             $user = ( New-Object System.Security.Principal.SecurityIdentifier $log . Properties [ 1 ]. Value ). Translate ([ System.Security.Principal.NTAccount ])         } catch {             $user = "Unknown User"         }     } else {     ...

 Get-ADUser -Identity "S-1-5-21-134454589-3455657894-xxxx-xxx"

Powershell Get-FileHash -Path "C:\Temp\interesting-file.txt" -Algorithm SHA256 Get-FileHash -Path "C:\Temp\interesting-file.txt" -Algorithm SHA1 Get-FileHash -Path "C:\Temp\interesting-file.txt" -Algorithm MD5 Linux sha1sum hash.txt sha224sum hash.txt sha256sum hash.txt sha384sum hash.txt sha512sum hash.txt

Get-WinEvent -ProviderName msiinstaller | where id -eq 1033 | select timecreated,message | FL *

 Alle Computer in einer Domäne mit einem bestimmten OS auslesen Get-ADComputer -Filter {operatingsystem -like "*2012*"} -Properties description | select dnshostname,description  | Out-File -FilePath C:\Temp\2008.csv

Passwort geschützte Zip Datei öffnen

URL entschärfen mit Cyberchef Rezept Cyberchef

Rezept Cyberchef

Rezept Cyberchef   Original EMail extrahieren zum Beispiel mit Gmail.