Posts

Showing posts from February, 2022.

Pyramid of Pain

Aim for the Top of Cybersecurity | SEI (seic.com)

Output the hostname for an IP address

$ipaddress = Get-Content -Path C:\Temp\input.txt   # one IP address per line
$results = @()
ForEach ($i in $ipaddress) {
    $o = New-Object psobject
    # reverse lookup: IP address -> hostname
    $o | Add-Member -MemberType NoteProperty -Name hostname -Value ([System.Net.Dns]::GetHostByAddress($i).HostName)
    $results += $o
}
$results | Select-Object -Property hostname | Export-Csv C:\temp\output.csv

Port test

Test-NetConnection -ComputerName server443 -port 443

Output the IP addresses for server names

$servers = Get-Content "C:\TEMP\servers.txt"   # one server name per line
foreach ($server in $servers) {
    # forward lookup: name -> all registered addresses
    $addresses = [System.Net.Dns]::GetHostAddresses($server)
    foreach ($a in $addresses) {
        "{0},{1}" -f $server, $a.IPAddressToString
    }
}
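The two lookup scripts above stop short on the first name or address that does not resolve, because the .NET call throws. The following added example (not code from the original post) combines forward and reverse resolution in one function with per-entry error handling, so a failed lookup is reported as a row instead of aborting the run. It assumes Windows PowerShell 5.1 or later; the input path and the sample entries are constructed for the example.

```powershell
# Added example: forward (name -> IP) and reverse (IP -> name) DNS lookups
# with per-entry error handling. Not part of the original post.
# Assumes PowerShell 5.1+; file paths and sample entries below are hypothetical.

function Resolve-HostList {
    param(
        [Parameter(Mandatory)] [string[]] $Entries
    )
    foreach ($entry in $Entries) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        # An IP literal gets a reverse lookup, anything else a forward lookup
        $ip = $null
        $isIp = [System.Net.IPAddress]::TryParse($entry, [ref]$ip)
        $type = if ($isIp) { 'Reverse' } else { 'Forward' }
        try {
            # GetHostEntry does both directions depending on the input
            $entryInfo = [System.Net.Dns]::GetHostEntry($entry)
            if ($isIp) {
                [pscustomobject]@{ Input = $entry; Type = $type; Result = $entryInfo.HostName; Status = 'OK' }
            } else {
                foreach ($a in $entryInfo.AddressList) {
                    [pscustomobject]@{ Input = $entry; Type = $type; Result = $a.IPAddressToString; Status = 'OK' }
                }
            }
        } catch {
            # NXDOMAIN, timeouts and missing PTR records all land here as a row
            [pscustomobject]@{ Input = $entry; Type = $type; Result = $null; Status = $_.Exception.Message }
        }
    }
}

# Constructed sample input (hypothetical names and addresses)
$sample = @('localhost', '127.0.0.1', 'no-such-host.invalid')
Resolve-HostList -Entries $sample | Format-Table -AutoSize

# Real use: one hostname or IP address per line, result to CSV
# Resolve-HostList -Entries (Get-Content C:\Temp\input.txt) |
#     Export-Csv C:\Temp\resolved.csv -NoTypeInformation
```

The Status column keeps the exception text, which makes it easy to separate names that simply do not exist from lookups that timed out against an unreachable resolver.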

Show the DNS server addresses of the interfaces

Get-DnsClientServerAddress

Output connections with state "Listen"

Get-NetTCPConnection | Where-Object -Property State -Match Listen

Read out IP addresses

Get-NetIPAddress

PowerShell: ping multiple devices

$servers = Get-Content C:\temp\input.txt   # one host per line
$collection = @()
foreach ($server in $servers) {
    $status = @{ "ServerName" = $server; "TimeStamp" = (Get-Date -f s) }
    # one ICMP echo per host; -ea 0 suppresses the error for unreachable hosts
    if (Test-Connection $server -Count 1 -ea 0 -Quiet) {
        $status["Results"] = "Up"
    }
    else {
        $status["Results"] = "Down"
    }
    $collection += New-Object -TypeName PSObject -Property $status
}
$collection | Export-Csv C:\Temp\ping_status.csv -Delimiter ";" -Encoding UTF8 -NoTypeInformation

Read out the last logon date of computers

# one computer name per line; OperatingSystem is the AD attribute (Win32_OperatingSystem is a WMI class, not an AD property)
gc c:\temp\logon.txt | foreach { Get-ADComputer $_ -Properties LastLogonDate, OperatingSystem } | sort LastLogonDate | ft Name, LastLogonDate, OperatingSystem

JSON discoverer / convert JSON to UML

Beautify the JSON in CyberChef first: JSON Beautify - CyberChef (gchq.github.io)
Then paste it into the JSON discoverer: JSON discoverer (uoc.edu)
Alternative: Online JSON to Tree Diagram Converter (vanya.jp.net)

LOLBAS (Living Off The Land Binaries And Scripts)

LOLBAS (Living Off The Land Binaries And Scripts) refers to the abuse of programs that are already present on a system to carry out malicious actions. The LOLBAS project collects information about such attacks. LOLBAS (lolbas-project.github.io)
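Because LOLBAS binaries are legitimate and signed, blocking them outright is rarely an option; the practical defender's check is to look at how they are invoked. The following added example (not code from the original post or from the LOLBAS project) runs a small rule set over process-creation records: a watchlisted image is flagged when its command line carries a remote URL, references a user-writable path, or its parent is an Office application. The record layout and the sample events are constructed for the example; map the fields to your own telemetry (Sysmon event ID 1 or Security event 4688).

```powershell
# Added example: flag suspicious invocations of known LOLBAS binaries.
# Not part of the original post or the LOLBAS project. The event layout,
# hostnames, users and paths below are constructed for illustration.

$LolbasWatchlist = @('certutil.exe', 'mshta.exe', 'regsvr32.exe', 'rundll32.exe',
                     'msiexec.exe', 'bitsadmin.exe', 'wmic.exe')

function Test-LolbasUse {
    param([Parameter(Mandatory)] [pscustomobject[]] $Events)
    foreach ($e in $Events) {
        $image = [System.IO.Path]::GetFileName($e.Image).ToLowerInvariant()
        if ($LolbasWatchlist -notcontains $image) { continue }
        $reasons = @()
        # A system binary fetching from or launching a remote location
        if ($e.CommandLine -match 'https?://') { $reasons += 'remote URL in command line' }
        # Payloads staged where a normal user can write
        if ($e.CommandLine -match '\\(Users|Temp|AppData)\\') { $reasons += 'user-writable path in command line' }
        # Office documents do not normally spawn these binaries
        if ($e.ParentImage -match '(winword|excel|outlook|powerpnt)\.exe$') { $reasons += 'spawned by an Office application' }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Time        = $e.Time
                Computer    = $e.Computer
                Image       = $image
                Parent      = [System.IO.Path]::GetFileName($e.ParentImage)
                Reasons     = ($reasons -join '; ')
                CommandLine = $e.CommandLine
            }
        }
    }
}

# Constructed sample events (hypothetical hosts and paths)
$sampleEvents = @(
    [pscustomobject]@{ Time = '2022-02-10T08:01:12'; Computer = 'WS01'
                       Image = 'C:\Windows\System32\certutil.exe'; ParentImage = 'C:\Windows\explorer.exe'
                       CommandLine = 'certutil.exe -verify C:\certs\root.cer' }
    [pscustomobject]@{ Time = '2022-02-10T08:03:40'; Computer = 'WS01'
                       Image = 'C:\Windows\System32\mshta.exe'; ParentImage = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
                       CommandLine = 'mshta.exe http://example.invalid/update.hta' }
    [pscustomobject]@{ Time = '2022-02-10T08:05:02'; Computer = 'WS02'
                       Image = 'C:\Windows\System32\notepad.exe'; ParentImage = 'C:\Windows\explorer.exe'
                       CommandLine = 'notepad.exe C:\Users\alice\notes.txt' }
)

# Only the second record is reported: watchlisted image, remote URL, Office parent
Test-LolbasUse -Events $sampleEvents | Format-List
```

The first sample (certutil verifying a local certificate) is a normal administrative use and stays quiet, which is the point of keying on context rather than on the binary name alone.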

Cheat sheet collection

https://www.malwarearchaeology.com/cheat-sheets
The Windows Logging Cheat Sheet
The Windows Advanced Logging Cheat Sheet
The Windows HUMIO Logging Cheat Sheet
The Windows Splunk Logging Cheat Sheet
The Windows File Auditing Logging Cheat Sheet
The Windows Registry Auditing Logging Cheat Sheet
The Windows PowerShell Logging Cheat Sheet
The Windows Sysmon Logging Cheat Sheet
MITRE ATT&CK Cheat Sheets
The Windows ATT&CK Logging Cheat Sheet
The Windows LOG-MD ATT&CK Cheat Sheet

Description of the Control Panel (.cpl) files

Appwiz.cpl: Add/Remove Programs properties
Ncpa.cpl: Network Connections
Desk.cpl: Display properties
Inetcpl.cpl: Internet properties
Intl.cpl: Regional Settings properties
Main.cpl: Mouse, Fonts, Keyboard, and Printers properties
Mmsys.cpl: Multimedia properties
Sysdm.cpl: System properties and Add New Hardware wizard
TimeDate.cpl: Date/Time properties
firewall.cpl: Firewall properties

Investigate Windows

Windows version
winver

Which user logged on last?
reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI

Who has local admin rights?
net localgroup Administrators

Export scheduled tasks
schtasks /query /fo list /v > export-tasks.txt

Export security logs
wevtutil qe Security /f:text > slogs.txt

Check the hosts file
type C:\Windows\System32\drivers\etc\hosts
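The checks above are typed one by one on a suspect host. As an added example (not code from the original post), the following function gathers the same six items with PowerShell cmdlets and writes each result to a timestamped folder, so the evidence is collected once and consistently. It assumes Windows PowerShell 5.1 on a Windows 10 / Server 2016 or later host, run from an elevated prompt (the Security log requires administrative rights); the output path is a hypothetical default.

```powershell
# Added example: the manual "Investigate Windows" checks gathered into one
# collection function. Not part of the original post.
# Assumes Windows PowerShell 5.1, elevated prompt; output path is hypothetical.

function Invoke-HostTriage {
    param(
        [string] $OutputRoot     = 'C:\Temp\triage',
        [int]    $SecurityEvents = 5000
    )
    $dir = Join-Path $OutputRoot ("{0}_{1:yyyyMMdd_HHmmss}" -f $env:COMPUTERNAME, (Get-Date))
    New-Item -ItemType Directory -Path $dir -Force | Out-Null

    # Windows version (what winver shows, as data)
    Get-CimInstance Win32_OperatingSystem |
        Select-Object Caption, Version, BuildNumber, InstallDate, LastBootUpTime |
        Export-Csv (Join-Path $dir 'os.csv') -NoTypeInformation

    # Last logged-on user (same key the reg query above reads)
    Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI' |
        Select-Object LastLoggedOnUser, LastLoggedOnSAMUser |
        Export-Csv (Join-Path $dir 'last_logon.csv') -NoTypeInformation

    # Local administrators (net localgroup Administrators), with origin of each member
    Get-LocalGroupMember -Group 'Administrators' |
        Select-Object Name, ObjectClass, PrincipalSource |
        Export-Csv (Join-Path $dir 'local_admins.csv') -NoTypeInformation

    # Scheduled tasks with their actions (schtasks /query /fo list /v), one row per action
    Get-ScheduledTask | ForEach-Object {
        $t = $_
        foreach ($a in $t.Actions) {
            [pscustomobject]@{
                TaskPath = $t.TaskPath; TaskName = $t.TaskName; State = $t.State
                Author   = $t.Author;   Execute  = $a.Execute;  Arguments = $a.Arguments
            }
        }
    } | Export-Csv (Join-Path $dir 'scheduled_tasks.csv') -NoTypeInformation

    # Security log (wevtutil qe Security), newest events first, capped by $SecurityEvents
    Get-WinEvent -LogName Security -MaxEvents $SecurityEvents |
        Select-Object TimeCreated, Id, ProviderName, Message |
        Export-Csv (Join-Path $dir 'security_log.csv') -NoTypeInformation

    # hosts file: keep only lines that are neither comments nor blank
    Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" |
        Where-Object { $_ -notmatch '^\s*(#|$)' } |
        Set-Content (Join-Path $dir 'hosts_entries.txt')

    # Return the collected files so the caller can see what was written
    Get-ChildItem $dir
}

Invoke-HostTriage
```

Writing CSV rather than free text keeps the output importable into a SIEM or spreadsheet; an empty hosts_entries.txt is the expected result on a clean host, since the stock file consists only of comments.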

OpenVAS in a Docker container

apt install docker.io
docker run -d -p 443:443 --name openvas mikesplain/openvas

Login details: https://127.0.0.1, user admin, password admin

WebGoat in a Docker container

docker run --rm -it -p 7080:8080 --name webgoat webgoat/webgoat-8.0

http://localhost:7080/WebGoat
Then register a new user.

Read out password policies

# Fine-grained password policies
Get-ADFineGrainedPasswordPolicy -Filter *
# Default domain policy
Get-ADDefaultDomainPasswordPolicy

Read out domain controllers with their sites

$DomainName = (Get-ADDomain).DNSRoot
$AllDCs = Get-ADDomainController -Filter * -Server $DomainName | Select-Object Hostname, Site
$AllDCs