If a docx file is created or modified, the action runs; WITHIN 30 makes WMI poll for these events every 30 seconds:
$query = 'select * from __instanceOperationEvent WITHIN 30 WHERE ((__CLASS = "__instanceCreationEvent" OR __CLASS = "__InstanceModificationEvent") AND (TargetInstance ISA "CIM_DataFile") AND (TargetInstance.Extension = "docx"))'
Register-WmiEvent -Query $query -Action {Write-Host "defined action"}
If notepad is started, a custom action is performed:
$wu = "Select * from win32_ProcessStartTrace where processname = 'notepad.exe'"
Register-WmiEvent -Query $wu -Action {Write-Host "defined action"}
I write some useful information and lessons learnt about SCCM, MDT, SCOM, Exchange, Lync, Windows 7/8, Windows servers, Hyper-V, Vmware
Tuesday, 17 July 2018
Friday, 9 February 2018
Wireshark wireless filtering
wlan.ta == 38:f8:89:48:13:02 - transmitter (AP) address
wlan.fc.type_subtype!=8 - not beacon
wlan.fc.retry == 1 - retransmissions
wlan.fc.type==2 - data frames
wlan.fc.type==0 - management frames
Friday, 12 January 2018
certutil and checking CRL
In the MMC Certificates snap-in, find the certificate and open its properties. Then look for the CRL information. Paste this link into the IE browser and download the CRL file. Download or export the cer file of the certificate that needs to be checked. Then use
certutil -dump CRLfileName.crl
to dump the whole CRL to the output, and copy it into Notepad.
Then look for the certificate's serial number to get the exact details of when the certificate was revoked, etc.
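The serial-number lookup described above can be scripted. The following PowerShell script is an added example, not code from the original post; the certificate file name is a placeholder, and the ThisUpdate/NextUpdate labels assume English-language certutil output.

```powershell
param(
    [string]$CertPath = '.\CertificateToCheck.cer',  # placeholder name (assumption)
    [string]$CrlPath  = '.\CRLfileName.crl'
)

# Serial number as upper-case hex without separators; leading zeros are trimmed
# so the substring search below does not depend on zero padding.
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (Resolve-Path $CertPath).Path
$serial = $cert.SerialNumber.TrimStart('0')

# Same dump as the manual step, captured as an array of lines.
$dump = & certutil.exe -dump (Resolve-Path $CrlPath).Path
if ($LASTEXITCODE -ne 0) { throw "certutil could not read $CrlPath" }

# Validity window of the CRL (labels as printed by English-language certutil).
$dump | Select-String -Pattern 'ThisUpdate|NextUpdate' | ForEach-Object { $_.Line.Trim() }

# Select-String is case-insensitive by default; -Context keeps the lines that
# follow the serial (revocation date and reason code, when present). The
# context may run into the next CRL entry, so read only up to the next serial.
$hit = $dump | Select-String -SimpleMatch $serial -Context 0,6 | Select-Object -First 1
if ($hit) {
    "Revocation entry found for serial $($cert.SerialNumber):"
    $hit.Line.Trim()
    $hit.Context.PostContext | ForEach-Object { $_.Trim() }
} else {
    "Serial $($cert.SerialNumber) is not listed in $CrlPath."
    "That only means 'not revoked' if this CRL comes from the certificate's issuer ($($cert.Issuer)) and is still current."
}
```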