After I started to use Wazuh, around June 2022, I came across many pain points. Here, I recorded and grouped some of them together. There is no specific order, neither alphabetical nor by importance.

# Set proxy settings if behind an enterprise proxy by using these in PS profile
[system.net.webrequest]::defaultwebproxy = new-object system.net.webproxy('http://proxy:port')
[system.net.webrequest]::defaultwebproxy.credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
[system.net.webrequest]::defaultwebproxy.BypassProxyOnLocal = $true
# Set proxy settings for git
git config --global https.proxy http://username:password@proxy:port
git config --global http.sslVerify false # turns off TLS certificate verification for all git HTTPS traffic
# Type the command to install Chocolatey

<#
.Synopsis
Shows Windows native credential dialog on PowerShell 7.x and VS Code.
.DESCRIPTION
The cmdlet utilizes Windows native code based on P/Invoke calls. The parameters and output are the same as Get-Credential cmdlet. Based on the example: https://www.developerfusion.com/code/4693/using-the-credential-management-api/
.SYNTAX
Get-WinCredential [[-UserName] <string>] -Message <string> [<CommonParameters>]
.EXAMPLE
Get-WinCredential
.EXAMPLE

[user]
    name = Zafer Balkan
    email = zafer@zaferbalkan.com
    username = zbalkan
    signingkey = EECD6A2984E3EEE3
[init]
    defaultbranch = master
[core]
    pager = delta
    autocrlf = true

<#
.Synopsis
Time-based One-Time Password Algorithm (RFC 6238)
.DESCRIPTION
Based on the script of Jon Friesen - https://gist.github.com/jonfriesen/234c7471c3e3199f97d5
.EXAMPLE
Get-OTP -Secret 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567' # Default OTP length is 6 digits and period is 30 seconds
.EXAMPLE
totp -Secret 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567' # you can use totp or otp alias
.EXAMPLE

#Requires -RunAsAdministrator
<#
.Synopsis
Generates a Sysmon Archive file quota for `File Delete` events to help manage the size.
.DESCRIPTION
Based on: https://blog.nviso.eu/2022/06/30/enforcing-a-sysmon-archive-quota/
.INPUTS
None. Cmdlet does not accept pipe values.
.OUTPUTS

# Logging
$LogCommandHealthEvent = $true
$LogCommandLifecycleEvent = $true
# Culture
Set-Culture -CultureInfo en-us
[Console]::InputEncoding = [System.Text.Encoding]::UTF8
[Console]::OutputEncoding = [System.Text.Encoding]::UTF8
# Modify Get-History alias, like history command in bash

#Requires -RunAsAdministrator
#Requires -Version 5
<#
.Synopsis
Activates Windows via KMS
.DESCRIPTION
It's a drop-in replacement for slmgr scripts
.EXAMPLE
Start-WindowsActivation -Verbose # Activates the local computer
.EXAMPLE

#Requires -Modules GPRegistryPolicyParser
#Requires -Version 5
Import-Module -Name GPRegistryPolicyParser -WarningAction Ignore
Add-Type -AssemblyName System.Windows.Forms
# Use the Windows Forms enums that match the System.Windows.Forms.MessageBox.Show overload
$Script:response = [System.Windows.Forms.MessageBox]::Show("Do you want to open current hives?`n`nClick Yes to display current hives on this computer.`nClick No to pick a `'registry.pol`' file to read.", "Open current hives?", [System.Windows.Forms.MessageBoxButtons]::YesNoCancel, [System.Windows.Forms.MessageBoxIcon]::Question)
switch ($Script:response)
{

#Requires -Version 3
# In this scenario, it is assumed that each user will have a home folder, including 3 sub-folders as a template.
# The tree can be visualized like below:
#
# Home
# |_ user1
# |_ user2
# |_ user3
# |_ user4