foreach($line in Get-Content .\users.txt) { | |
Add-Type -AssemblyName System.DirectoryServices.AccountManagement | |
$DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('domain') | |
$username = $line.Trim() | |
$password = $username.ToLower() | |
$success=$DS.ValidateCredentials($username, $password) |
# Local host name, taken from the COMPUTERNAME environment variable; used below to name this machine's log file.
$computername=$env:computername | |
# Per-host CSV on a share on dc01 (UNC path; $computername is expanded inside the double quotes).
# NOTE(review): presumably every monitored machine writes to this share - if so, the share ACL should allow
# create/append only, so one compromised host cannot read or alter other hosts' records. Confirm against the share setup.
$logfile="\\dc01\EgregorLog\$computername.csv" | |
# Path of the DLL this script is concerned with (the header comment below says Egregor uses a DLL for encryption).
# NOTE(review): how this path is used is not visible in this excerpt.
$egregorDll="C:\Windows\egregor.dll" | |
################################################################################################# | |
# This is a small script to monitor/protect all domain joined systems from further Egregor activity. | |
# It was created during an incident by Florian Bogner, Bee IT Security (https://bee-itsecurity.at) | |
# | |
# As described by CyberReason (https://www.cybereason.com/blog/cybereason-vs-egregor-ransomware) | |
# Egregor uses a DLL for the actual encryption process. This script checks if the "client"-specific |
# Suppress error output and continue after failures for the rest of the script.
# NOTE(review): this also hides failed name lookups, so a host that could not be resolved or reached
# is hard to tell apart from a script problem - consider recording failures explicitly.
$ErrorActionPreference= 'silentlycontinue' | |
# Ping object created once, before the per-host loop that follows.
$ping = New-Object System.Net.NetworkInformation.Ping; | |
# Für alle Rechnernamen in der Textdatei rechner.txt | |
foreach($line in Get-Content .\rechner.txt) { | |
# Konvertiere Hostnamen in IP | |
$pc=$line.Trim() | |
$ip = "" | |
$ip = [System.Net.Dns]::GetHostAddresses($pc) |
function IsFolderWritable ($test_folder, $verbose) { | |
if($verbose -eq $null) | |
{ | |
$verbose = $false | |
} | |
# Check if folder is a folder | |
If (-Not (Test-Path $test_folder -pathType container)) { |