Yusuf Ozturk yusufozturk

## Get-RdpLogonEvent.ps1
function Get-RdpLogonEvent
{
    [CmdletBinding()]
    param(
        [Int32] $Last = 10
    )

    $RdpInteractiveLogons = Get-WinEvent -FilterHashtable @{
        LogName='Security'
        ProviderName='Microsoft-Windows-Security-Auditing'

## log-forwarding-with-etw.ps1
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$wc = New-Object System.Net.WebClient

if (!(Test-Path "C:\Tools")) {
    New-Item -Path "C:\" -Name "Tools" -ItemType "directory"
}

# SYSMON
# Download Sysmon
$SysmonDirectory = "C:\Tools\Sysmon\"

## main.go
package main

import (
	"log"
  // replace right path
	"[...]/utils"
	"go.uber.org/zap"
	"go.uber.org/zap/zapcore"
)

## Get-EtwTraceProvider.ps1
#Requires -RunAsAdministrator
#Requires -Version 5.0
# requires Windows 10
Get-EtwTraceProvider | Select-Object SessionName, Guid | sort SessionName
# as Markdown
<#
#Requires -RunAsAdministrator
$result = Get-EtwTraceProvider | sort SessionName
$result | %{"|Name|GUID|";"|----|----|";}{"|$($_.SessionName)|$($_.Guid)|"}
#>
	function Get-RdpLogonEvent
	{
	[CmdletBinding()]
	param(
	[Int32] $Last = 10
	)

	$RdpInteractiveLogons = Get-WinEvent -FilterHashtable @{
	LogName='Security'
	ProviderName='Microsoft-Windows-Security-Auditing'
	[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
	$wc = New-Object System.Net.WebClient

	if (!(Test-Path "C:\Tools")) {
	New-Item -Path "C:\" -Name "Tools" -ItemType "directory"
	}

	# SYSMON
	# Download Sysmon
	$SysmonDirectory = "C:\Tools\Sysmon\"
	package main

	import (
	"log"
	// replace right path
	"[...]/utils"
	"go.uber.org/zap"
	"go.uber.org/zap/zapcore"
	)
	#Requires -RunAsAdministrator
	#Requires -Version 5.0
	# requires Windows 10
	Get-EtwTraceProvider \| Select-Object SessionName, Guid \| sort SessionName
	# as Markdown
	<#
	#Requires -RunAsAdministrator
	$result = Get-EtwTraceProvider \| sort SessionName
	$result \| %{"\|Name\|GUID\|";"\|----\|----\|";}{"\|$($_.SessionName)\|$($_.Guid)\|"}
	#>