gwsales / Enable-PS7-Logging.ps1
Created November 24, 2023 15:43
Enable logging for PowerShell V7
#Requires -RunAsAdministrator
$Path = "HKLM:\Software\Policies\Microsoft\PowerShellCore"
## ScriptBlockLogging
if (-not (Test-Path $Path\ScriptBlockLogging)) {
    $null = New-Item $Path\ScriptBlockLogging -Force
}
Set-ItemProperty -Path $Path\ScriptBlockLogging -Name EnableScriptBlockLogging -Value "1" -Type Dword
## ModuleLogging
gwsales / Winlogbeat-Bulk-Read.ps1
Created August 14, 2020 02:08
PowerShell loop to read local .evtx files into Elastic's winlogbeat agent.
Use winlogbeat.yml to customize your configuration of winlogbeat including output.
This script will attempt to use winlogbeat.yml which is ignored in .gitignore but
if this file is not found, it will fall back to using the example that will output
logs to .\winlogbeat\events.json. Once an EVTX file has been read winlogbeat will
gwsales /
Last active June 3, 2020 14:38 — forked from alexalouit/
fix Logstash error "logstash load error: ffi/ffi -- java.lang.NullPointerException: null" on Raspbian
# based on
# see:
if [[ $EUID -ne 0 ]]; then
    echo "This script must be run as root"
    exit 1
fi
gwsales /
Created October 18, 2019 01:04 — forked from kimus/
NAT and FORWARD with Ubuntu’s ufw firewall


I use Ubuntu’s Uncomplicated firewall because it is available on Ubuntu and it's very simple.

Install UFW

If ufw is not installed by default, be sure to install it first.

gwsales /
Created August 28, 2019 13:57 — forked from alces/
How to run an Ansible playbook locally
  • using Ansible command line:
ansible-playbook --connection=local playbook.yml
  • using inventory: ansible_connection=local
gwsales /
Last active February 16, 2019 14:08
Private Internet Access PPTP VPN Profile Script
## This script requires jq
if ! [ -x "$(command -v jq)" ]; then
    echo 'Error: jq is not installed.' >&2
    exit 1
fi
echo -n "PIA pptp username (xNNNNNNN not pNNNNNNN): "
read pia_username
gwsales / SysmonStartup.bat
Created October 25, 2018 19:13 — forked from silentbreaksec/SysmonStartup.bat
Windows batch file to deploy Sysmon using a startup script via GPO
@echo off
:: Author: Ryan Watson
:: Twitter: @gentlemanwatson
:: Version: 1.0
:: Credits: Credit to and their Sysmon GPO article for the kick off point
:: ** IMPORTANT **
:: 1) Create a Sysmon folder with the SYSVOL share on your domain controller
:: 2) Download Sysmon from Microsoft and place both sysmon.exe and sysmon64.exe in
gwsales / audit.rules
Created October 6, 2018 01:44 — forked from Neo23x0/audit.rules
Linux Auditd Best Practice Configuration
# This gist has been transformed into a github repo
# You can find the most recent version there:
#      ___             ___ __      __
#     /   | __  ______/ (_) /_____/ /
#    / /| |/ / / / __  / / __/ __  /
#   / ___ / /_/ / /_/ / / /_/ /_/ /
#  /_/  |_\__,_/\__,_/_/\__/\__,_/