Zafer Balkan zbalkan

## Chocolatey Setup
# Set proxy settings if behind an enterprise proxy by using these in PS profile
[system.net.webrequest]::defaultwebproxy = new-object system.net.webproxy('http://proxy:port')
[system.net.webrequest]::defaultwebproxy.credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
[system.net.webrequest]::defaultwebproxy.BypassProxyOnLocal = $true

# Set proxy settings for git
git config --global https.proxy http://username:password@proxy:port
git config --global http.sslVerify false

# Type the command to install Chocolatey

## Get-WinCredential.ps1
<#
.Synopsis
   Shows Windows native credential dialog on PowerShell 7.x and VS Code.
.DESCRIPTION
   The cmdlet utilizes Windows native code based on P/Invoke calls. The parameters and output are the same as Get-Credential cmdlet. Based on the example: https://www.developerfusion.com/code/4693/using-the-credential-management-api/
.SYNTAX
   Get-WinCredential [[-UserName] <string>] -Message <string>  [<CommonParameters>]
.EXAMPLE
   Get-WinCredential
.EXAMPLE

## .gitconfig
[user]
        name = Zafer Balkan
        email = zafer@zaferbalkan.com
        username = zbalkan
        signingkey = EECD6A2984E3EEE3
[init]
        defaultbranch = master
[core]
        pager = delta
        autocrlf = true

## Wazuh pain points.md

      
              1 file
            
          
              1 fork
            
          
              1 comment
            
          
              8 stars
            
          
                zbalkan
                / Wazuh pain points.md
            
            
              Last active
              February 27, 2024 12:18
            
              
                After I started to use Wazuh, around June 2022, I came across many pain points. Here, I recorded and grouped some of them together. There is no specific order, neither alphabetical nor by importance.
              
          
    Wazuh pain points

After I started to use Wazuh, around June 2022, I came across many pain points. Here, I recorded and grouped some of them together. There is no specific order, neither alphabetical nor by importance.
Table of Contents


Detection Engineering

Sigma? What is that?


Reliability

No local persistence of logs


Possible loss of data in the network #1


## TOTP.ps1
<#
.Synopsis
   Time-based One-Time Password Algorithm (RFC 6238)
.DESCRIPTION
   Based on the script of Jon Friesen - https://gist.github.com/jonfriesen/234c7471c3e3199f97d5
.EXAMPLE
   Get-OTP -Secret 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567' # Default OTP length is 6 digits and period is 30 seconds
.EXAMPLE
   totp -Secret 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567' # you can use totp or otp alias
.EXAMPLE

## New-SysmonArchiveQuota.ps1
#Requires -RunAsAdministrator

<#
.Synopsis
   Generates Sysmon Archive file quota for `File Delete` events to help managing the size.
.DESCRIPTION
   Based on: https://blog.nviso.eu/2022/06/30/enforcing-a-sysmon-archive-quota/
.INPUTS
    None. Cmdlet does not accept pipe values.
.OUTPUTS

## Microsoft.Powershell_profile.ps1
# Logging
$LogCommandHealthEvent = $true
$LogCommandLifecycleEvent = $true

# Culture
Set-Culture -CultureInfo en-us
[Console]::InputEncoding = [System.Text.Encoding]::UTF8
[Console]::OutputEncoding = [System.Text.Encoding]::UTF8

# Modify Get-History alias, like history command in bash

## Start-WindowsActivation.ps1
#Requires -RunAsAdministrator
#Requires -Version 5
<#
.Synopsis
Activates Windows via KMS
.DESCRIPTION
It's a drop in replacement for slmgr scripts
.EXAMPLE
Start-WindowsActivation -Verbose # Activates the local computer
.EXAMPLE

## RegistryPolViewer.ps1
#Requires -Modules GPRegistryPolicyParser
#Requires -Version 5

Import-Module -Name GPRegistryPolicyParser -WarningAction Ignore
Add-Type -AssemblyName System.Windows.Forms

$Script:response = [System.Windows.Forms.MessageBox]::Show("Do you want to open current hives?`n`nClick Yes to display current hives on this computer.`nClick No to pick a `'registry.pol`' file to read.", "Open current hives?", [System.Windows.MessageBoxButton]::YesNoCancel, [System.Windows.MessageBoxImage]::Question)

switch ($Script:response)
{

## AddTemplateFolders.PS1
#Requires -Version 3

# In this scenario, it is assumed that each user will have a home folder, including 3 sub-folders as a template.
# The tree can be visualized like below:
#
# Home
# |_ user1
# |_ user2
# |_ user3
# |_ user4
	# Set proxy settings if behind an enterprise proxy by using these in PS profile
	[system.net.webrequest]::defaultwebproxy = new-object system.net.webproxy('http://proxy:port')
	[system.net.webrequest]::defaultwebproxy.credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
	[system.net.webrequest]::defaultwebproxy.BypassProxyOnLocal = $true

	# Set proxy settings for git
	git config --global https.proxy http://username:password@proxy:port
	git config --global http.sslVerify false

	# Type the command to install Chocolatey
	<#
	.Synopsis
	Shows Windows native credential dialog on PowerShell 7.x and VS Code.
	.DESCRIPTION
	The cmdlet utilizes Windows native code based on P/Invoke calls. The parameters and output are the same as Get-Credential cmdlet. Based on the example: https://www.developerfusion.com/code/4693/using-the-credential-management-api/
	.SYNTAX
	Get-WinCredential [[-UserName] <string>] -Message <string> [<CommonParameters>]
	.EXAMPLE
	Get-WinCredential
	.EXAMPLE
	[user]
	name = Zafer Balkan
	email = zafer@zaferbalkan.com
	username = zbalkan
	signingkey = EECD6A2984E3EEE3
	[init]
	defaultbranch = master
	[core]
	pager = delta
	autocrlf = true
	<#
	.Synopsis
	Time-based One-Time Password Algorithm (RFC 6238)
	.DESCRIPTION
	Based on the script of Jon Friesen - https://gist.github.com/jonfriesen/234c7471c3e3199f97d5
	.EXAMPLE
	Get-OTP -Secret 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567' # Default OTP length is 6 digits and period is 30 seconds
	.EXAMPLE
	totp -Secret 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567' # you can use totp or otp alias
	.EXAMPLE
	#Requires -RunAsAdministrator

	<#
	.Synopsis
	Generates Sysmon Archive file quota for `File Delete` events to help managing the size.
	.DESCRIPTION
	Based on: https://blog.nviso.eu/2022/06/30/enforcing-a-sysmon-archive-quota/
	.INPUTS
	None. Cmdlet does not accept pipe values.
	.OUTPUTS
	# Logging
	$LogCommandHealthEvent = $true
	$LogCommandLifecycleEvent = $true

	# Culture
	Set-Culture -CultureInfo en-us
	[Console]::InputEncoding = [System.Text.Encoding]::UTF8
	[Console]::OutputEncoding = [System.Text.Encoding]::UTF8

	# Modify Get-History alias, like history command in bash
	#Requires -RunAsAdministrator
	#Requires -Version 5
	<#
	.Synopsis
	Activates Windows via KMS
	.DESCRIPTION
	It's a drop in replacement for slmgr scripts
	.EXAMPLE
	Start-WindowsActivation -Verbose # Activates the local computer
	.EXAMPLE
	#Requires -Modules GPRegistryPolicyParser
	#Requires -Version 5

	Import-Module -Name GPRegistryPolicyParser -WarningAction Ignore
	Add-Type -AssemblyName System.Windows.Forms

	$Script:response = [System.Windows.Forms.MessageBox]::Show("Do you want to open current hives?`n`nClick Yes to display current hives on this computer.`nClick No to pick a `'registry.pol`' file to read.", "Open current hives?", [System.Windows.MessageBoxButton]::YesNoCancel, [System.Windows.MessageBoxImage]::Question)

	switch ($Script:response)
	{
	#Requires -Version 3

	# In this scenario, it is assumed that each user will have a home folder, including 3 sub-folders as a template.
	# The tree can be visualized like below:
	#
	# Home
	# \|_ user1
	# \|_ user2
	# \|_ user3
	# \|_ user4