Saturday, 26 November 2016

Windows logs in PowerShell

I was wondering if any of you remember zap2.c :) I couldn't find a "zap2.c for Windows", so I was wondering whether I could do something like that... in PowerShell... on Windows... ;) This is what I found:

If you're looking for hints like 'how to write something in PowerShell', I recommend... googling. There are already published articles about it: for example here, here or here :) This post is based on those 3 links.

So we can read from the EventLog, filtering on the 'Source':
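As an added example (not the post's own snippet), reading the Application log for one event source. 'MsiInstaller' is only an assumed source name; pick one that exists on your host. Get-EventLog is Windows PowerShell 5.1 only, so the Get-WinEvent form is also shown, since it works in both Windows PowerShell and PowerShell 7 and filters in the log service instead of in the pipeline:

```powershell
# Added example: list the newest entries written by one Source.
# 'MsiInstaller' is an assumed source name present on most Windows hosts.
$LogName = 'Application'
$Source  = 'MsiInstaller'

# Classic cmdlet (Windows PowerShell 5.1; not available in PowerShell 7).
Get-EventLog -LogName $LogName -Source $Source -Newest 10 |
    Select-Object TimeGenerated, EntryType, EventID, Source, Message |
    Format-Table -AutoSize -Wrap

# Same query through the newer API. For classic (non-ETW) sources the
# ProviderName in the event XML equals the Source name, so this filter matches
# the same entries, and the filtering happens inside the Event Log service.
Get-WinEvent -FilterHashtable @{ LogName = $LogName; ProviderName = $Source } -MaxEvents 10 |
    Select-Object TimeCreated, LevelDisplayName, Id, ProviderName, Message |
    Format-Table -AutoSize -Wrap
```

Get-WinEvent raises a non-terminating "No events were found" error when the source has written nothing; add -ErrorAction SilentlyContinue if you script around it.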

Ok, so what if we can write? We can write an 'Information' entry (that is the EntryType; the 'Source' is a separate field and must be an event source registered with the log) like this:
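Added example of the write side, not code from the original post. 'ZapTest' is an assumed source name. Registering a new source with New-EventLog needs an elevated prompt; once registered, Write-EventLog can be used without elevation for the Application log. Both cmdlets are Windows PowerShell 5.1 only:

```powershell
# Added example: register a custom Source and write one Information entry to it.
# 'ZapTest' is an assumed name. New-EventLog requires administrator rights.
$LogName = 'Application'
$Source  = 'ZapTest'

# A Source can be registered once and belongs to exactly one log; writing with
# a Source registered to a different log lands the entry in that other log.
if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    New-EventLog -LogName $LogName -Source $Source
}

# EntryType is Information/Warning/Error/SuccessAudit/FailureAudit;
# EventId is any value in 0..65535, 1000 is an arbitrary choice here.
Write-EventLog -LogName $LogName -Source $Source -EventId 1000 `
    -EntryType Information -Message 'Hello from PowerShell (test entry)'

# Read it back to confirm the write.
Get-EventLog -LogName $LogName -Source $Source -Newest 1 |
    Select-Object TimeGenerated, EntryType, EventID, Source, Message
```

Note that an entry written this way is time-stamped by the Event Log service, not by the caller; Write-EventLog has no parameter for a spoofed TimeGenerated.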

Now we can create a PowerShell script (as described in link[3]) that looks for a given 'Source' and lists its entries. After the listing (and reading all 3 links above) you should be able to write your own log cleaner/spoofer (like 'zap2.c' ;)) in PowerShell.

For now, a simple skeleton looks like this:
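The following is an added skeleton, not the script from the original post: it lists every entry for one Source and, only when asked, performs the "clean". The parameter defaults ('Application', 'ZapTest') are assumptions. The caveat a practitioner needs here is that the Windows Event Log API has no call to delete a single record, so there is no direct equivalent of the way zap2.c rewrites individual wtmp/utmp/lastlog records: the only PowerShell primitive is Clear-EventLog, which empties the whole log and itself leaves a trace (event 104 in the System log, or 1102 in the Security log, from the Microsoft-Windows-Eventlog provider). Clear-EventLog is Windows PowerShell 5.1 only and needs elevation:

```powershell
# Added skeleton: search a log by Source; optionally clear it and show the
# trace the clear leaves behind. Defaults are assumptions; run on a test host.
param(
    [string]$LogName = 'Application',
    [string]$Source  = 'ZapTest',
    [switch]$Clear
)

function Get-EntriesBySource {
    param([string]$LogName, [string]$Source)
    # Returns an array (possibly empty) instead of a "No events were found" error.
    @(Get-WinEvent -FilterHashtable @{ LogName = $LogName; ProviderName = $Source } `
        -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message)
}

$hits = Get-EntriesBySource -LogName $LogName -Source $Source
Write-Host ("{0} entries from source '{1}' in log '{2}'" -f $hits.Count, $Source, $LogName)
$hits | Format-Table -AutoSize -Wrap

if ($Clear) {
    # No per-record delete exists; this wipes the entire log.
    Clear-EventLog -LogName $LogName

    # The clear is itself logged: System 104 for ordinary logs (Security 1102
    # if the Security log were cleared). This is what a defender will look for.
    Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-Eventlog'
        Id           = 104
    } -MaxEvents 1 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}
```

Run it as `.\skeleton.ps1 -Source ZapTest` to list only, and add `-Clear` from an elevated Windows PowerShell prompt to see both the empty log and the 104 entry that records the clearing.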

Have fun, and remember to use this idea only for legal things ;)

Cheers!


