mortenya
mortenya
/ Parse-DHCPLog.ps1
Last active
August 29, 2015 14:08
This scripts takes a DHCP Log as input, and then parses it for unique Devices that requested a lease, Event ID 10.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Get-FileName($initialDirectory) { | |
| Add-Type -Assembly System.windows.forms | Out-Null | |
| $initialDirectory = "C:\" | |
| $OpenFileDialog = New-Object System.Windows.Forms.OpenFileDialog | |
| $OpenFileDialog.InitialDirectory = $initialDirectory | |
| $OpenFileDialog.Filter = "Log files (*.Log)| DhcpSrvLog-*.log" | |
| $OpenFileDialog.Multiselect = $false | |
| $OpenFileDialog.ShowDialog() | Out-Null | |
| $OpenFileDialog.FileName | |
| } #end function Get-FileName |
mortenya
/ Get-MappedDrives.ps1
Last active
August 29, 2015 14:07
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-MappedDrives { | |
| <# | |
| .Synopsis | |
| Returns the Mapped Drives on the system | |
| .DESCRIPTION | |
| This function uses WMI to query computers on the network and return the mapped drives, not local drives. | |
| If no user is logged on there will likely be an error about RPC server not available. | |
| .PARAMETER ComputerName | |
| The name of the system(s) you want to check | |
| .EXAMPLE |
mortenya
/ 01-inputs.conf
Last active
September 14, 2017 02:07
I have this taking events from my Snort Defense Center, it's light right now, mostly a proof of concept.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| syslog { | |
| port => 1514 | |
| } | |
| } | |
| filter { | |
| #IP Address of Snort | |
| if [host] =~ /192\.168\.0\.250/ { | |
| mutate { |
mortenya
/ CustomModule.psm1
Last active
August 29, 2015 14:02
Originally written by Boe Prox, when loading a custom module this will source any scripts in the $ModulePath\Scripts folder, as well as check if you've loaded PowerShell as an Administrator.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Validate user is an Administrator | |
| Write-Verbose "Checking Administrator credentials" | |
| If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { | |
| Write-Warning "You are not running this as an Administrator!`nPlease re-run module with an Administrator Account." | |
| Break | |
| } | |
| #Load Functions | |
| $ScriptPath = Split-Path $MyInvocation.MyCommand.Path | |
| Try { |
mortenya
/ Get-SharedFolderACL.ps1
Last active
August 29, 2015 14:02
NewerOlder