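# 10-02-2021 DFIR-Jesseee
# For CyberForce 2021
# Reference https://textkool.com/en/ascii-art-generator?hl=default&vl=default&font=Red%20Phoenix&text=Install%20Sysmon
#
# Downloads the sysmon-modular configuration set and the Sysmon64 binary into
# %TMP%, merges the modular XML fragments into one sysmonconfig.xml and installs
# Sysmon with it. Installing the Sysmon driver needs an elevated session, so
# fail fast instead of getting an access-denied error at the last step.
#Requires -RunAsAdministrator

# Every step below depends on the previous one (download -> extract -> cd ->
# merge -> install). A silently failed download would otherwise lead to running
# a missing or truncated sysmon.exe, so any error terminates the script.
$ErrorActionPreference = 'Stop'

$ASCII = @"
.___ __ .__ .__ _________
| | ____ _______/ |_ _____ | | | | / _____/___.__. ______ _____ ____ ____
| | / \ / ___/\ __\\__ \ | | | | \_____ \< | | / ___/ / \ / _ \ / \
| || | \ \___ \ | | / __ \_| |__| |__ / \\___ | \___ \ | Y Y \( <_> )| | \
|___||___| //____ > |__| (____ /|____/|____/ /_______ // ____|/____ >|__|_| / \____/ |___| /
\/ \/ \/ \/ \/ \/ \/ \/
By DFIR-Jesseee
"@
#
#
$ASCII

# Both downloads fetch code that is then executed (a PowerShell module and a
# kernel driver installer), so TLS certificate validation stays enabled: it is
# the only thing preventing an on-path attacker from substituting the binary.
# Older Windows PowerShell defaults to TLS 1.0, which github.com and
# live.sysinternals.com no longer accept; opt in to TLS 1.2 rather than
# disabling certificate checks.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

# If you can't get the script to run, the bypass below is what you need.
# Process scope relaxes the policy only for this PowerShell session; a
# CurrentUser Bypass would persist on the host after the script finishes.
Set-ExecutionPolicy -Scope Process Bypass -Force
#
$zipPath   = Join-Path $env:TMP 'Sysmon-Mod.zip'
$workDir   = Join-Path $env:TMP 'sysmon-modular-master'
$sysmonExe = Join-Path $workDir 'sysmon.exe'

Invoke-WebRequest -Uri 'https://github.com/olafhartong/sysmon-modular/archive/refs/heads/master.zip' -OutFile $zipPath
# -Force lets the script be re-run without a stale extraction aborting it.
Expand-Archive -LiteralPath $zipPath -DestinationPath $env:TMP -Force
Set-Location $workDir
Invoke-WebRequest -Uri 'https://live.sysinternals.com/Sysmon64.exe' -OutFile $sysmonExe

# Sysmon is Authenticode-signed by Microsoft. Refuse to install a binary whose
# signature is missing, broken, or issued to a different publisher, so a
# tampered download is caught before it is loaded as a driver.
$sig = Get-AuthenticodeSignature -FilePath $sysmonExe
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notlike '*Microsoft Corporation*') {
    throw "Refusing to install '$sysmonExe': Authenticode status '$($sig.Status)', signer '$($sig.SignerCertificate.Subject)'."
}

# Merge-SysmonXml.ps1 and the numbered rule folders come from the archive
# extracted above, relative to $workDir.
. .\Merge-SysmonXml.ps1
Merge-AllSysmonXml -Path (Get-ChildItem '[0-9]*\*.xml') -AsString | Out-File sysmonconfig.xml
.\sysmon.exe -accepteula -i sysmonconfig.xml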