Tags Archives
You are currently viewing all posts tagged with event log
Restoring (Recovering) PowerShell Scripts from Event Logs
A few days ago, I was asked to take a look at PowerShell malware. While I don't know much about malware, my curiosity didn't let me pass up this occasion, and I was handed a WindowsPowerShell.evtx file. OK, that's not what I expected! I wanted PowerShell .ps1 files that I could read and assess. Well, you play with the cards you were dealt. What I was handed was a PowerShell event log. By design, PowerShell writes whatever you execute that it considers risky to the Windows PowerShell Operational event log.
PSWinReporting – Forwarders, Microsoft Teams, Slack, Microsoft SQL and more
It's been a while since PSWinReporting has been updated, or rather since I've written a blog post about it, since it's always a work in progress. This ...
Monitoring Active Directory Changes on Users and Groups with PowerShell
Working as an Administrator with Active Directory can be rewarding. You can easily deploy new settings and make changes to users, even on the largest scope. Whether ...