JaekelEDV
/ logparser.ps1
Created
August 10, 2021 08:34
— forked from exp0se/logparser.ps1
Logparser log parsing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Logparser | |
| ############### | |
| # Security Log | |
| ############### | |
| # Find Event id | |
| & 'C:\Program Files (x86)\Log Parser 2.2\LogParser.exe' -stats:OFF -i:EVT "SELECT * FROM 'Security.evtx' WHERE EventID = '5038'" |
JaekelEDV
/ powershell_eventlog_parsing.ps1
Created
August 10, 2021 08:34
— forked from exp0se/powershell_eventlog_parsing.ps1
Powershell log parsing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Security log | |
| #============ | |
| #### | |
| #4624 - Logon & Logoff events successful | |
| #4625 - Logon unsucceful | |
| #### | |
| # Get usernames | |
| Get-WinEvent -path .\Security.evtx | Where {$_.id -eq "4624"} | Foreach {([xml]$_.ToXml()).GetElementsByTagName("Data").ItemOf(5)}| Select -ExpandProperty "#text" -Unique | |
| # Get domains |
JaekelEDV
/ Get-InstalledSoftware.ps1
Created
November 2, 2018 21:26
— forked from indented-automation/Get-InstalledSoftware.ps1
Get-InstalledSoftware
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter Get-InstalledSoftware { | |
| <# | |
| .SYNOPSIS | |
| Get all installed from the Uninstall keys in the registry. | |
| .DESCRIPTION | |
| Read a list of installed software from each Uninstall key. | |
| This function provides an alternative to using Win32_Product. | |
| .EXAMPLE | |
| Get-InstalledSoftware |
JaekelEDV
/ Get-InstalledSoftware.ps1
Created
November 2, 2018 21:26
— forked from indented-automation/Get-InstalledSoftware.ps1
Get-InstalledSoftware
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter Get-InstalledSoftware { | |
| <# | |
| .SYNOPSIS | |
| Get all installed from the Uninstall keys in the registry. | |
| .DESCRIPTION | |
| Read a list of installed software from each Uninstall key. | |
| This function provides an alternative to using Win32_Product. | |
| .EXAMPLE | |
| Get-InstalledSoftware |