Ken kerard
kerard
/ filter-wireshark.pcapng
Created
August 17, 2020 16:57
Wireshark filter to exclude externally sourced traffic
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ip.dst == DST_IP_HERE && (ip.src == 10.0.0.0/8 || ip.src == 172.16.0.0/12 || ip.src == 192.168.0.0/16) |
kerard
/ filter-wireshark.pcapng
Created
August 17, 2020 16:57
Wireshark filter to exclude externally sourced traffic
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ip.dst == DST_IP_HERE && (ip.src == 10.0.0.0/8 || ip.src == 172.16.0.0/12 || ip.src == 192.168.0.0/16) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| psping64.exe -h 50 -i 1 -n 86400 -4 TARGET_HOST.DOMAIN.COM > psping-stats-icmp.txt |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CmdletBinding()] | |
| Param( | |
| [Parameter()] | |
| [string[]] | |
| $ComputerName = @('localhost') | |
| ) | |
| [DscLocalConfigurationManager()] | |
| Configuration ResetLCM { | |
| Param ( |
kerard
/ make-pcap.cmd
Created
July 30, 2020 20:28
Start and stop a packet capture with NetShell (Windows)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| netsh trace start tracefile=c:\smb-%computername%.etl capture=yes scenario=netconnection,Filesharing maxsize=1024 | |
| REM run this command below to stop the background trace | |
| REM netsh trace stop |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Install-Module -Name VMware.PowerCLI |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 |
kerard
/ repair-cert.
Created
July 20, 2020 18:53
Join a new certificate to old private key (Windows)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| certutil -repairstore my $serialNumber |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (frame.time >= "Jul 16, 2020 04:00:00" && frame.time <= "Jul 16, 2020 04:02:00") |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| foreach ($computer in (get-adcomputer -filter {(Name -like "*name*" -and OperatingSystem -like "*Server*")})) | |
| { | |
| $computer.Name | |
| $servicesObj = Get-WmiObject -Class "Win32_Service" -computer $computer.name | ? {$_.name -like "*service*"} | % {($computer.Name,$_.name,$_.pathname) -join ","} | |
| $servicesObj | out-file -Append .\services.csv | |
| } |