lost in cyber space

SecurityZines

Get-Aduser - Filter * - SearchBase "OU=xx,OU=xx,DC=xx,DC=xx" - Properties * | Sort LastLogon | Select Name , Manager , LastLogonDate , @ { Name = 'LastLogon' ; Expression = {[ DateTime ]::FromFileTime( $_ .LastLogon )}} | Export-Csv C:\temp\adcomputers - last - logon - ou.csv - NoTypeInformation

 

  Analyze Defender for endpoint logs with KQL

  aka.ms/ADrecovery

Advanced threat hunting within Active Directory Domain Services

GitHub - dfir-dd/dfir-toolkit: CLI tools for forensic investigation of Windows artifacts

SANS Blue Team Operations

$list = get-content "C:\Downloads\input.txt" $output = $list | Select-String interface , description , 'ip address' (((( $output -replace "interface" , "" ) -replace "description" , "" ) -replace "ip address" , "" ) -replace "\**>*" , "" ).trimstart()

  CIDR SUBNET MASK WILDCARD MASK # OF IP ADDRESSES # OF USABLE IP ADDRESSES /32 255.255.255.255 0.0.0.0 1 1 /31 255.255.255.254 0.0.0.1 2 2* /30 255.255.255.252 0.0.0.3 4 2 /29 255.255.255.248 0.0.0.7 8 6 /28 255.255.255.240 0.0.0.15 16 14 /27 255.255.255.224 0.0.0.31 32 30 /26 255.255.255.192 0.0.0.63 64 62 /25 255.255.255.128 0.0.0.127 128 126 /24 255.255.255.0 0.0.0.255 256 254 /23 255.255.254.0 0.0.1.255 512 510 /22 255.255.252.0 0.0.3.255 1,024 1,022 /21 255.255.248.0 0.0.7.255 2,048 2,046 /20 255.255.240.0 0.0.15.255 4,096 4,094 /19 255.255.224.0 0.0.31.255 8,192 8,190 /18 255.255.192.0 0.0.63.255 16,384 16,382 /17 255.255.128.0 0.0.127.255 32,768 32,766 /16 255.255.0.0 0.0.255.255 65,536 65,534 /15 255.254.0.0 0.1.255.255 131,072 131,070 /14 255.252.0.0 0.3.255.255 262,144 262,142 /13 255.248.0.0 0.7.255.255 524,288 524,286 /12 255.240.0.0 0.15.255.255 1,048,576 1,048,574 /11 255.224.0.0 0.31.255.255 2,097,152 2,097,150 /10 255.192.0.0 0.63.255.255 4,194,304 4,194,302 /9 255...