by Edward van Biljon | Dec 29, 2023 | PowerShell, PowerShell ISE, PowerShell V7, Windows Server 2016 PowerShell, Windows Server 2019 PowerShell, Windows Server 2022 PowerShell
In a previous blog post, we searched for a specific keyword in PowerShell and displayed it in PowerShell directly. In this blog post, we will be looking for a specific Event ID that is triggered when an account cannot be logged onto and sometimes you can see the...
by Edward van Biljon | Dec 28, 2023 | PowerShell, PowerShell ISE, PowerShell V7
Many items that run in Windows have scheduled tasks that run at certain intervals. Malware and bad actors like abusing scheduled tasks because they contain elevated privileged accounts which run as SYSTEM. Have you ever wondered what is actually running on Windows...
by Edward van Biljon | Dec 27, 2023 | Exchange 2019 PowerShell, Exchange 2013 PowerShell, Exchange 2016, Exchange 2016 PowerShell, Exchange 2019
When you manage Exchange 2019 Servers or Exchange 2016 Servers, whitespace is a common factor that has to be taken into account. The database will grow overtime as users gets added or removed or things change and eventually you end up with disks that cannot be...
by Edward van Biljon | Dec 19, 2023 | Exchange 2019 PowerShell, Exchange 2016 PowerShell, PowerShell, PowerShell ISE, PowerShell V7, Windows Server 2016 PowerShell, Windows Server 2019 PowerShell, Windows Server 2022 PowerShell
In my blog post on collaborationpro.com where I showed you how to get a reverse shell on Windows Server 2022 and then demonstrated how ESET removed the file, well, because it was on Windows Server 2022 Core, there is not browser option so I had to put together a quick...
by Edward van Biljon | Dec 17, 2023 | Exchange 2019 PowerShell, Exchange 2016 PowerShell, Exchange 2019, Exchange Online PowerShell, PowerShell, PowerShell ISE, PowerShell V7
In my previous blog post, we looked at creating a self signed certificate using PowerShell (3x Liner). The certificate obviously is not what a professional cert is, one thing missing is the “Friendly Name” which can be changed in the MMC and certificates...