Month: November 2015

PowerShell Network Connection Monitor Script

This script displays the current TCP/IP connections for a local or remote system to include the PID, process name, port, and its current running state (listening, established, etc..). If the port is not yet established, the port number is shown as an asterisk (*). It will also take the initial output and save it to old_state.txt and then sleep for a period of time of your choosing before running again and outputting to new_state.txt. It will then compare the two files and print the output to the screen. Both files will be saved to the directory in which the script was ran from (not located). It will continue to do this process until the script is stopped.

This PowerShell script can be found in my script repo on the right-hand side of the screen.

PowerShell Remote Process Termination

Ever remotely executed a program on another system but the process failed to exit which lead it to being an active process on the users system? No matter the cause or what your purpose on the system is, that is never a good thing. We can quickly fix the issue with PowerShell. To do so, we can use a script in which we supply it with the hostname or IP along with the process name of the process.

This PowerShell script can be found in my script repo on the right-hand side of the screen.

Disconnect… Making the Internet Safer and More Private One Connection at a Time

Have you ever been browsing the web for a good or service and notice that a totally unrelated site suggests the very same or similar items you were previously searching for? What about browsing the web and it taking forever to load a page? Did you know that some websites not only see what you are doing, but also where your physical location is? What about that some ads contain malware? If you are like most people, you may have answered no to all or some of those questions but now that you know, now what? Well the open-source Disconnect plug-in available in Google Chrome and Mozilla Firefox could help you tremendously in stopping the aforementioned from occurring. Disconnect prides itself on making the Internet safe and private while increasing browsing speeds.

So how does it work? Well, after installation, a Disconnect icon will be visible in your toolbar. Clicking on it will bring up the menu as shown below.



Detecting Alternate Data Streams with PowerShell and DOS

Alternate Data Streams (ADS) are nothing new and there are a few ways to detect them within a NTFS filesystem. My tools of choice for detecting an ADS is LADS (List Alternate Data Streams) by Frank Heyne or SysInternals’ Streams… both of which work rather well. My issue though is that I, much like the customer, normally wants to limit and lessen the amount of external tools that are added to any of their systems. Resident to Microsoft Windows, we have a way to do some detection using one of two ways but one provides a little more capability than the other. Let’s check them both out.

The DOS way depicted below will recursively search a directory (/s), search for ADS (/s), and then look at the string “:DATA”.

The PowerShell way is depicted below. Be advised that the cmdlet used below goes back as far as version 2. The –Stream option was not available until version 4.

If you just executed these commands, you probably noticed how a number of the files might have popped up matching the (more…)