Author: Ed Itor
Windows Defender Scan with Command line
– cd C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*
Type the following command to perform a custom antivirus scan and press *Enter*:
– MpCmdRun -Scan -ScanType 3 -File PATH\TO\FOLDER-FILES
– In the command, make sure to specify the path to the folder you want to scan.
– For example, this command scans the “Downloads” folder:
– MpCmdRun -Scan -ScanType 3 -File C:\Users\username\Downloads
www.windowscentral.com/how-use-windows-defender-command-prompt-windows-10#custom_scan_cmd_defender
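As an added example (my own batch file, not from the notes or the linked article), this resolves the MpCmdRun path and runs the custom scan from the steps above, then checks the exit code. The Downloads default and the Platform\4.18* folder pattern come from the notes; the folder-order assumption and the reading of nonzero exit codes are mine.

```batch
@echo off
rem Added example: run the custom scan from the notes with an explicit MpCmdRun
rem path. "cd" does not expand the 4.18* wildcard, so the Platform\4.18* folder
rem is resolved with FOR /D first (last listed match assumed to be the newest).
setlocal

rem Folder to scan: first argument, or the Downloads folder as in the notes.
set "TARGET=%~1"
if "%TARGET%"=="" set "TARGET=%USERPROFILE%\Downloads"

set "MPCMD="
for /d %%D in ("C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*") do (
    set "MPCMD=%%~fD\MpCmdRun.exe"
)
if not defined MPCMD (
    echo No Platform\4.18* folder found under ProgramData.
    exit /b 1
)

echo Scanning "%TARGET%" with "%MPCMD%"
"%MPCMD%" -Scan -ScanType 3 -File "%TARGET%"
set "RC=%ERRORLEVEL%"

rem Exit code 0 means the scan finished clean; anything else needs review
rem (assumption: MpCmdRun returns nonzero when a threat is found or the scan fails).
if "%RC%"=="0" (echo Scan completed, no threats reported.) else (echo Scan returned exit code %RC%, review the result.)
endlocal & exit /b %RC%
```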
Global DNS Propagation Checker
www.whatsmydns.net/
Log collection, storage, and searching
…
*Gathering & shipping logs:*
For Windows Event Logs:
– fluentbit – docs.fluentbit.io/manual/pipeline/inputs/windows-event-log
– fluentd – docs.fluentd.org/input/windows_eventlog
– nxlog – nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html#im_msvistalog
– winlogbeat – www.elastic.co/downloads/beats/winlogbeat-oss
– promtail – grafana.com/docs/loki/latest/clients/promtail/scraping/#windows-event-log
…
While doing more research, I came across ClickHouse (which is also supported by some of the tools above) (clickhouse.com/). ClickHouse can store JSON data, and you can run SQL queries on that data.
I also came across cloki, which uses ClickHouse but emulates Loki (github.com/lmangani/cloki).
The backend is a ClickHouse database, and you push logs into the Loki emulator just like you’d push logs into Loki. cloki also supports the same query language as Loki and works with the Grafana Loki connector.
…
*Sample logs:*
To play with any of the tools above without making changes in a production environment, you can use sample logs or data sources.
github.com/logpai/loghub – github repo that links to several sample logs
www.secrepo.com/ – security-related logs; there are some network traffic logs in there
www.sec.gov/dera/data/edgar-log-file-data-set.html – EDGAR log files
log-sharing.dreamhosters.com/ – various log files
www.logs.to/ – log generator (various types)
github.com/mingrammer/flog – log generator
certstream.calidog.io/ – certificate transparency logs
www.hivemq.com/demos/websocket-client/ and broker.mqttdashboard.com – if you want to grab MQTT demo data. I’m pretty sure people are using this for free for their projects too…
Awesome Threat Intel Links
From the kind offering of hslatman.
github.com/hslatman/awesome-threat-intelligence
Maybe DNSTrails is for you!
Security Testing domains
Get a domain and log DNS requests: dnslog.cn/
Monitoring service for security testing: ceye.io/
Tokens: canarytokens.org
Simple Time web page
Get the time here: chronic.herokuapp.com/utc/now
Source Code here: github.com/progrium/timeapi/tree/master
Run PowerShell from a batch (.bat) command line
Running PowerShell from a batch file can be a bit fiddly. Fortunately, Daniel S. has provided all the details: blog.danskingdom.com/allow-others-to-run-your-powershell-scripts-from-a-batch-file-they-will-love-you-for-it/
Additional info is available here:
– stackoverflow.com/questions/19335004/how-to-run-a-powershell-script-from-a-batch-file
– stackoverflow.com/questions/46070152/how-to-run-powershell-command-in-batch-file/65911978#65911978
– devblogs.microsoft.com/scripting/powertip-start-hidden-process-with-powershell/
Password tip
Not sure this would work 100%, but it’s an interesting idea.
[image: image.png]