Month: September 2017

PowerShell Cheat Sheet

I recall when I started out in PowerShell coming from Python. Some aspects of the language I was able to pick up on rather quickly while other aspects took some take. I found myself writing down notes until I was able to remember them on my own. Reminiscing on that inspired me to develop a cheat sheet for others who are aspiring to make the jump. The cheat sheet is not an all incompassing list but it touches on most of the important areas of the language to get a person started.

PS Cheat Sheet

Find Malicious Versions of CCleaner

In light of the recent discovery about the malicious versions of CCleaner and the millions affected, it felt like a great time to write some PowerShell scripts that enable a person to identify if the malicious versions of CCleaner are on a system and if so, provides a method to delete the software.

The below checks a local machine for the malicious versions of CCleaner.

Using PS Remoting, the below allows you to get a list of systems with the infected versions.

Using PS Remoting, the below allows you to remove CCleaner with the infected versions.

Using WMI, the below allows you to look for the infected versions. It also writes a log of infected and not infected machines along with deleting the software from the infected machines.

 

 

Determining WinRM connections to a Machine

PSRemoting is an awesome feature in Microsoft Windows that serves as a ssh-like function. In Server 2012 and newer, it is enabled by default. You will, however, need to enable the feature on any client system you’d want to use it on. Some organizations feel having the service enabled throughout their organization is more of the burden than something that will increase productivity. Most of those of thoughts stem from not knowing who and is connecting or connected to systems. Luckily, there is a built-in cmdlet to should ease the worrying.

With suitable rights on a system, we can use the below to see who is connected to our system.

Below are the results.

To clean this up a little, we can do the following:

Our results are shown below and are a little easier to understand.

You could easily setup this up on some reoccurring schedule and output it to a file for further analysis.