Here are straight-forward instructions to setting up a bunch of different software on FreeNAS. If you make a terrible error, just throw up another plugin sandbox and repeat.
ionstorm ion-storm
ion-storm
/ Remove-UserProfilesRemote.ps1
Created
January 21, 2017 02:00
— forked from automationhaus/Remove-UserProfilesRemote.ps1
Remotely Remove User Profiles from RDS or Citrix Session Host Servers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| I broke out the Get-CIMInstance and Get-WMIObject types for a couple of reasons. 1. Because I kept running into issues on 2008 R2 | |
| where CIM wasn't working due to the fact they aren't configured for remoting out of the box like 2012 servers are. 2. In order to | |
| train system admins on how to use both versions in case one or the other doesn't work for them. Here, I break down the two based | |
| on the version of the OS but you can elect to use one or the other depening on your environment. In CIM you can specify the protocol | |
| type which could help eliminate the need for the WMI version but the WMI version will be supported on servers with older versions | |
| of PowerShell. | |
| #> | |
| #Specifying the EAP | |
| $ErrorActionPreference = "Stop" |
ion-storm
/ Get-SecurityLogs.ps1
Created
January 21, 2017 02:03
— forked from automationhaus/Get-SecurityLogs.ps1
PowerShell function used to collect security events from a list of servers using a start date, end date, username or domain as needed
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-SecurityLogs | |
| { | |
| <# | |
| .SYNOPSIS | |
| Pulls security logs from the given list of computers using the given date range | |
| .DESCRIPTION | |
| Using the computername, startdate and enddate parameters you can pull the event logs for the given computers. Once the data is collected to a variable you can alter the output as needed. | |
| .EXAMPLE | |
| PS>Get-SecurityLogs | |
| Collects the security logs for the last day on the local machine |
ion-storm
/ Get-ServiceAccounts.ps1
Created
January 21, 2017 02:05
— forked from automationhaus/Get-ServiceAccounts.ps1
Checks each server in the list of given computers for non-System accounts used in services and non-Microsoft scheduled tasks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-ServiceAccounts | |
| { | |
| <# | |
| .SYNOPSIS | |
| Reaches out to the given servers to get service accounts used in services and scheduled tasks | |
| .DESCRIPTION | |
| Checks each server in the list of given computers for non-System accounts used in services and non-Microsoft scheduled tasks | |
| .EXAMPLE | |
| Get-ServiceAccounts -ComputerName "SERVER1","SERVER2" -CSV | |
| .NOTES |
ion-storm
/ XPS-15 9560 Getting Nvidia To Work on KDE Neon
Created
August 12, 2017 04:41
— forked from whizzzkid/XPS-15 9560 Getting Nvidia To Work on KDE Neon
Making Nvidia Drivers + CUDA 8 + Bumblebee work together on XPS 15 Early 2017 9560 kabylake. Ubuntu, KDE Neon, Linux Mint, debian.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # As of writing this, 4.11 kernel fails, 4.10.15 fails, 4.11rc8 seems to be working. Apply the graphics patches first. | |
| # Install Intel Graphics Patch Firmwares (This should reboot your system): | |
| bash -c "$(curl -fsSL http://bit.ly/IGFWL-install)" | |
| # Update to 4.11.2 kernel. nvidia-375 compiles fine >=4.11.1 | |
| cd /tmp | |
| wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.11.2/linux-headers-4.11.2-041102_4.11.2-041102.201705201036_all.deb | |
| wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.11.2/linux-headers-4.11.2-041102-generic_4.11.2-041102.201705201036_amd64.deb | |
| wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.11.2/linux-image-4.11.2-041102-generic_4.11.2-041102.201705201036_amd64.deb |
ion-storm
/ sophosremoval.bat
Last active
August 20, 2019 09:51
— forked from Coopeh/sophosremoval.bat
Sophos Removal Script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @ECHO OFF | |
| ECHO ==================================================================== | |
| ECHO Sophos Removal v2.0 - Ed Cooper/Kyle Weller | |
| ECHO Removes Sophos v7 - v10 | |
| ECHO ==================================================================== | |
| ECHO. | |
| ECHO. | |
| IF NOT EXIST "%~dp0\msizap.exe" GOTO MSIZAPNOTFOUND | |
| ECHO Administrative permissions required. Detecting permissions... | |
| ECHO. |
ion-storm
/ graylog_sigma_queries
Created
July 28, 2018 03:18
— forked from curi0usJack/graylog_sigma_queries
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is not my work. All credit goes to https://github.com/Neo23x0/sigma. I just used the tool to convert to graylog format, | |
| # skipped over the errors, and added some carriage returns for ease of reading. If you see a blank rule, it means there was a conversion error. | |
| rules/application/appframework_django_exceptions.yml | |
| ("SuspiciousOperation" OR "DisallowedHost" OR "DisallowedModelAdminLookup" OR "DisallowedModelAdminToField" OR "DisallowedRedirect" OR "InvalidSessionKey" OR "RequestDataTooBig" OR "SuspiciousFileOperation" OR "SuspiciousMultipartForm" OR "SuspiciousSession" OR "TooManyFieldsSent" OR "PermissionDenied") | |
ion-storm
/ audit.rules
Created
August 6, 2018 17:54
— forked from Neo23x0/audit.rules
Linux Auditd Best Practice Configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ___ ___ __ __ | |
| # / | __ ______/ (_) /_____/ / | |
| # / /| |/ / / / __ / / __/ __ / | |
| # / ___ / /_/ / /_/ / / /_/ /_/ / | |
| # /_/ |_\__,_/\__,_/_/\__/\__,_/ | |
| # | |
| # Linux Audit Daemon - Best Practice Configuration | |
| # /etc/audit/audit.rules | |
| # | |
| # Compiled by Florian Roth |
ion-storm
/ CrowdStrike Savedsearches.conf
Created
August 21, 2018 16:34
— forked from MHaggis/CrowdStrike Savedsearches.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [POWERSHELL-DOWNLOAD-HUNT] | |
| dispatch.earliest_time = -24h@h | |
| dispatch.latest_time = now | |
| dispatchAs = user | |
| display.general.type = statistics | |
| display.page.search.mode = verbose | |
| display.page.search.tab = statistics | |
| display.visualizations.charting.chart = bar | |
| display.visualizations.show = 0 | |
| search = FileName=powershell.exe (CommandLine=*DownloadFile* OR CommandLine=*invoke-webrequest*) | stats values(CommandLine) as "commands" by ComputerName |
ion-storm
/ FreeNAS.md
Created
October 7, 2018 02:52
— forked from MikeRatcliffe/FreeNAS.md
Ultimate FreeNAS Setup
ion-storm
/ windows_hardening.cmd
Created
November 4, 2018 02:26
— forked from mackwage/windows_hardening.cmd
Script to perform some hardening of Windows OS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :: | |
| ::####################################################################### | |
| :: | |
| :: Change file associations to protect against common ransomware attacks | |
| :: Note that if you legitimately use these extensions, like .bat, you will now need to execute them manually from cmd or powershell | |
| :: Alternatively, you can right-click on them and hit 'Run as Administrator' but ensure it's a script you want to run :) | |
| :: --------------------- | |
| ftype htafile="%SystemRoot%\system32\NOTEPAD.EXE" "%1" | |
| ftype WSHFile="%SystemRoot%\system32\NOTEPAD.EXE" "%1" | |
| ftype batfile="%SystemRoot%\system32\NOTEPAD.EXE" "%1" |
OlderNewer