Handy PowerShell/bat scripts for security and quality of life. Scripts are commented. General descriptions for each below:
Comprehensive incident response script that gathers common forensic info from a Windows system for later analysis.
PowerShell wrapper for chainsaw from https://github.com/WithSecureLabs/chainsaw.
Disables native ISO mounting via the registry to protect against malicious ISOs.
Enables extra Windows logging to catch threat actors. Best paired with an RMM or SIEM.
Creates an FSRM (File Server Resource Manager) file screen/group that only allows specified file extensions to be written to a given share. Writes an event log entry if it is violated.
Copies various log files to a desired folder with the goal of using them for IR.
Gets scheduled task names and actions from the task scheduler root (\) and displays them. If an action contains powershell/cmd/rundll it is likely malicious.
Searches C:\Users recursively to find any LNK files pointing to cmd.exe, rundll.exe, or powershell.exe.
Installs Nmap via choco and runs a scan on the desired host/IP. Outputs results to styled XML and opens it in Edge.
Checks haveibeenpwned for all emails in an M365 tenancy. Outputs to terminal and CSV. Requires an HIBP API key.
Gathers various information about a Windows server and outputs it to a text file. Useful for trying to determine what a server does before decom or upgrades.
Uses Test-NetConnection to check if a given port is open on a host. Prompts for host and port. Uses TCP instead of ICMP. Loops until you close your posh window.
Pushes uBlock Origin using registry settings. Handy for non-domain environments.
Removes WebNavigator/Blaze browser adware/PUP binaries and tasks.
Fixes some silly defaults in Windows 10/11 and sets additional settings to reduce the chances of a threat actor gaining a foothold on an endpoint. Heavily commented. The goal here is to be effective with the least breakage.
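As an added example (not one of the scripts in this repo), the scheduled-task check described above can be done with the built-in ScheduledTasks module; it assumes Windows 8.1 / Server 2012 R2 or later and an elevated prompt so tasks owned by other accounts are visible:

```powershell
# Added example, not part of the repo: list every scheduled task whose action
# launches cmd, PowerShell or rundll32 so it can be reviewed by hand.
# Assumes the ScheduledTasks module (Windows 8.1 / Server 2012 R2 or later).

$suspectPattern = '(?i)(cmd\.exe|powershell(\.exe)?|pwsh(\.exe)?|rundll32(\.exe)?)'

$findings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only exec actions carry Execute/Arguments; COM-handler actions have a ClassId instead
        if (-not $action.Execute) { continue }
        $commandLine = "$($action.Execute) $($action.Arguments)".Trim()
        if ($commandLine -match $suspectPattern) {
            [pscustomobject]@{
                TaskPath    = $task.TaskPath
                TaskName    = $task.TaskName
                State       = $task.State
                Author      = $task.Author
                CommandLine = $commandLine
            }
        }
    }
}

# Plenty of legitimate Microsoft tasks use these binaries, so sort by path and
# review: user-created tasks directly under the root path (\) deserve the closest look.
$findings | Sort-Object TaskPath, TaskName | Format-Table -AutoSize -Wrap

# Optionally keep a copy for the IR case file (output path is a placeholder)
# $findings | Export-Csv -Path 'C:\IR\suspect-tasks.csv' -NoTypeInformation
```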