Skip to main content

Microsoft

Event Logs

DCSync Related Logs related to DCSync Credential attacks. This is a start but needs more fil...

Excel

Conditional highlighting with functions This is a collection of frequently used functions for co...

Installing Certificates on Windows

Using PowerShell to install into the Local Computer store This can only be done with elevated pr...

Junctions

Finding junctions / reparse points # return all reparse points on the C: volume DIR C:\ /S /A...

Microsoft Remote Desktop Certificates

Manually replacing RDP certificate Install the new certificate in the Local Computer Personal st...

Network Policy Server / NPS

  Enable NTLMv2 support for MSCHAPv2 RADIUS requests Enables proxied radius requests when using...

On-Prem to Azure DNS Migration

The Azure CLI can easily be used to do this migration. Here's the steps to use the Azure CLI: Cr...

OpenSSH on Windows

https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?...

PowerShell

Active Directory

Get-SMBOpenFile

Basics

Expanding objects Much of the data we receive from cmdlets are objects that require furthe...

Errors and Solutions

This page contains a list of common PowerShell errors and their solutions. Invoke-WebRequest...

Firewall management

List firewall rules with ICMP in the DisplayName Get-NetFirewallRule | Where-Object DisplayName -...

Group Policy and PowerShell

You can manage Group Policy via PowerShell... who knew!? 🤣 Listing GPOs Get-GPO -All | Sort-O...

Querying Event Logs

I noticed that there is a huge speed difference between using an XML Query and PowerShell Get-Eve...

Snippets

While a file exists or not # while a file exists While (Test-Path C:\Temp\File_I_Want_Gone....

Useful PowerShell Commands

Placeholder Select-String is the Grep equivalent Examples: # Searching for multiple patterns...

Windows Network Management from the command line

Get interface metrics # IPv4 - Display interfaces sorted by metric and alias Get-NetIPI...

Resource Usage

SYSTEMINFO You can cheat and use good old SYSTEMINFO from any command line. This will give y...

64-bit or 32-bit machine / ps host / process

Various ways of determining if the system is 64-bit or 32-bit [Source] # Get the path where pow...

Installed software via PowerShell

    Query registry for installed software There's more data in each registry than is being dis...

TCP/IP Reset

WiFi adapter sees available network, however will not accept tcp/ip address. Attempting to reset ...

Teams

  Busy on busy during calls InboundPstnCallRoutingTreatment must be set to something other ...

Transitioning from old to new

IPv4 ARP -> IPv6 Neighbors netsh interface ipv6 show neighbors # OUTPUT: Interface 16: Wi-Fi ...

Useful MSSQL Queries

    Show running queries SELECT req.session_id, req.status, req.command, req.cpu_time, req...

Sysinternals

The Sysinternals web site was created in 1996 by Mark Russinovich to host his advanced system u...

Power Automate

Teams webhook requests for Mezmo Alerts

Mezmo Webhook configuration Content-Type: application/json { "title": "Mezmo - User accoun...

Microsoft Remote Desktop

Select RDP transport protocols (client side) Source   Check Get-ItemProperty -Path "HKLM:\S...

PowerShell Modules

PowerAruba

PowerAruba PowerArubaSW - PowerShell module to manage ArubaOS switches  

Microsoft 365 Licensing

Source  
Back to top