zbalkan

$officeFolder = Get-ChildItem -Path 'C:\Program Files\Microsoft Office\' -Filter Office* | Select-Object -ExpandProperty Name
$currentPath = 'C:\Program Files\Microsoft Office\'+$officeFolder+'\OneNote'
$newPath = 'C:\Program Files\Microsoft Office\'+$officeFolder+'\OneNoteOLD'
Rename-Item $currentPath $newPath


$drivers = pnputil /enum-drivers
$drivers -split '\r?\n' | select-string -Pattern "prnms006.inf" -Context 1,0 | % {
    $pubName =  $_.Context.PreContext[0]
    }

zbalkan

Wazuh pain points

After I started to use Wazuh, around June 2022, I came across many pain points. Here, I recorded and grouped some of them together. There is no specific order, neither alphabetical nor by importance.

Table of Contents

• Detection Engineering
  • Sigma? What is that?
• Reliability
  • No local persistence of logs

• Possible loss of data in the network #1

zbalkan

test

zbalkan

# Personal .nanorc config
# Based on https://bash-prompt.net/guides/nanorc-settings/

# Non-default settings
set atblanks        # wrap line at blanks.
set cutfromcursor   # CTRL+K cuts from cursor position to end of line.
#set nohelp          # Disable the help information (CTRL+G to view the help screen).
set softwrap        # Enable softwrap of lines.
set suspend         # Enables CTRL+Z to suspend nano.
#set tabsize 4       # Sets tab-to-spaces size to 4.

zbalkan

<#
.Synopsis
   Script for creating WMI Filters for use with Group Policy Manager.
.DESCRIPTION
   The Script will create several WMI Filters for filtering based on:
   - Processor Architecture.
   - If the Hosts is a Virtual Machine
   - Operating System Version.
   - Type of Operating System.
   - If Java is installed

zbalkan

<#
.Synopsis
   Time-based One-Time Password Algorithm (RFC 6238)
.DESCRIPTION
   Based on the script of Jon Friesen - https://gist.github.com/jonfriesen/234c7471c3e3199f97d5
.EXAMPLE
   Get-OTP -Secret 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567' # Default OTP length is 6 digits and period is 30 seconds
.EXAMPLE
   totp -Secret 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567' # you can use totp or otp alias
.EXAMPLE

zbalkan

Keybase proof

I hereby claim:

• I am zbalkan on github.
• I am zbalkan (https://keybase.io/zbalkan) on keybase.
• I have a public key ASBBqweJA8AtahYGZFH_5frCdso79FPav7P4qXIcoLlVMAo

To claim this, I am signing this object:

zbalkan

<#
.Synopsis
   Shows Windows native credential dialog on PowerShell 7.x and VS Code.
.DESCRIPTION
   The cmdlet utilizes Windows native code based on P/Invoke calls. The parameters and output are the same as Get-Credential cmdlet. Based on the example: https://www.developerfusion.com/code/4693/using-the-credential-management-api/
.SYNTAX
   Get-WinCredential [[-UserName] <string>] -Message <string>  [<CommonParameters>]
.EXAMPLE
   Get-WinCredential
.EXAMPLE

zbalkan

# Reg2CI (c) 2021 by Roger Zander
if((Test-Path -LiteralPath "HKLM:\SOFTWARE\Classes\Applications\photoviewer.dll") -ne $true) {  New-Item "HKLM:\SOFTWARE\Classes\Applications\photoviewer.dll" -Force -ErrorAction SilentlyContinue };
if((Test-Path -LiteralPath "HKLM:\SOFTWARE\Classes\Applications\photoviewer.dll\shell") -ne $true) {  New-Item "HKLM:\SOFTWARE\Classes\Applications\photoviewer.dll\shell" -Force -ErrorAction SilentlyContinue };
if((Test-Path -LiteralPath "HKLM:\SOFTWARE\Classes\Applications\photoviewer.dll\shell\open") -ne $true) {  New-Item "HKLM:\SOFTWARE\Classes\Applications\photoviewer.dll\shell\open" -Force -ErrorAction SilentlyContinue };
if((Test-Path -LiteralPath "HKLM:\SOFTWARE\Classes\Applications\photoviewer.dll\shell\open\command") -ne $true) {  New-Item "HKLM:\SOFTWARE\Classes\Applications\photoviewer.dll\shell\open\command" -Force -ErrorAction SilentlyContinue };
if((Test-Path -LiteralPath "HKLM:\SOFTWARE\Classes\Applications\photoviewer.dll\shell\open\DropTarget") -ne $true) {  New-

zbalkan

[user]
        name = Zafer Balkan
        email = [email protected]
        username = zbalkan
        signingkey = EECD6A2984E3EEE3
[init]
        defaultbranch = master
[core]
        pager = delta
        autocrlf = true