<feed xmlns="http://www.w3.org/2005/Atom"><title>pseventviewer</title><id>https://evotec.xyz/fr/tags/pseventviewer/index.atom.xml</id><updated>2020-08-28T15:39:28.0000000Z</updated><subtitle>Evotec Main Website</subtitle><link href="https://evotec.xyz/fr/tags/pseventviewer" /><link href="https://evotec.xyz/fr/tags/pseventviewer/index.atom.xml" rel="self" type="application/atom+xml" /><entry><title>Restoring (Recovering) PowerShell Scripts from Event Logs</title><id>https://evotec.xyz/fr/blog/restoring-recovering-powershell-scripts-from-event-logs</id><link href="https://evotec.xyz/fr/blog/restoring-recovering-powershell-scripts-from-event-logs" /><updated>2020-08-28T15:39:28.0000000Z</updated><summary>A few days ago, I was asked to take a look at PowerShell Malware. While I don’t know much about malware, my curiosity didn’t let me skip on this occasion, and I was handed over WindowsPowerShell.evtx file. Ok, that’s not what I expected! I wanted PowerShell .ps1 files that I can read and assess? Well, you play with the cards you were dealt with. What I was handed over was PowerShell Event Log. PowerShell writes whatever you execute, and it thinks it is risky, to Windows PowerShell Operation Event Log.</summary><category term="event log" /><category term="get-events" /><category term="powershell" /><category term="powershellmanager" /><category term="pseventviewer" /><category term="Windows" /></entry><entry><title>Four commands to help you track down insecure LDAP Bindings before March 2020</title><id>https://evotec.xyz/fr/blog/four-commands-to-help-you-track-down-insecure-ldap-bindings-before-march-2020</id><link href="https://evotec.xyz/fr/blog/four-commands-to-help-you-track-down-insecure-ldap-bindings-before-march-2020" /><updated>2020-01-19T19:54:06.0000000Z</updated><summary>In March 2020, Microsoft will release its monthly updates. With those updates, Microsoft will disable insecure LDAP Bindings, which is going to break a lot of your systems (hopefully not). 
But this was already communicated, and you know all about it, right? If not, you should read those two articles that can help you with understanding what is happening and when.</summary><category term="Active Directory" /><category term="adessentials" /><category term="powershell" /><category term="pseventviewer" /><category term="pswinreportingv2" /></entry><entry><title>Sending information to Event Log with extended fields using PowerShell</title><id>https://evotec.xyz/fr/blog/sending-information-to-event-log-with-extended-fields-using-powershell</id><link href="https://evotec.xyz/fr/blog/sending-information-to-event-log-with-extended-fields-using-powershell" /><updated>2020-01-01T16:22:02.0000000Z</updated><summary>Reading Event Logs is something that every admin does or at least should do quite often. When writing PowerShell scripts, you often need to read event logs to find out different things across your infrastructure. But now and then it’s quite the opposite. You need to write something to Event Log so it can be recorded for the future. Sure, you can write your information to log files, but since Windows already has a built-in logging system, it may be much easier to write stuff to event log. This allows you to centralize your event logs and have them processed by specialized tools like SIEM.</summary><category term="events pswinreporting" /><category term="PowerShell" /><category term="pseventviewer" /><category term="write-event" /></entry><entry><title>Active Directory – How to track down why and where the user account was locked out</title><id>https://evotec.xyz/fr/blog/active-directory-how-to-track-down-why-and-where-the-user-account-was-locked-out</id><link href="https://evotec.xyz/fr/blog/active-directory-how-to-track-down-why-and-where-the-user-account-was-locked-out" /><updated>2019-01-24T15:25:31.0000000Z</updated><summary>I’ve been working with Windows Events for a while now. 
One of the things I did to help me diagnose problems and report on Windows Events was to write PSEventViewer to help to parse the logs and write PSWinReporting to help monitor (with use of PSEventViewer) Domain Controllers for events that happen across the domain. It’s handy, and I get those excellent daily reports of what happened while I was gone.</summary><category term="active directory" /><category term="event viewer" /><category term="get-events" /><category term="get-winevent" /><category term="powershell" /><category term="pseventviewer" /><category term="pswinreporting" /><category term="windows" /><category term="windows server" /></entry><entry><title>Install-Module: The term Install-Module is not recognized as the name of cmdlet, function, script file or operable program</title><id>https://evotec.xyz/fr/blog/install-module-the-term-install-module-is-not-recognized-as-the-name-of-cmdlet-function-script-file-or-operable-program</id><link href="https://evotec.xyz/fr/blog/install-module-the-term-install-module-is-not-recognized-as-the-name-of-cmdlet-function-script-file-or-operable-program" /><updated>2018-07-25T08:15:53.0000000Z</updated><summary>Recently I was asked to implement PSWinReporting onto yet another domain. Happily I’ve started to install my 6 modules to…</summary><category term="install-module" /><category term="PowerShell" /><category term="pseventviewer" /><category term="psteams" /><category term="pswinreporting" /><category term="pswritecolor" /><category term="Windows" /></entry></feed>