Some scripts and things that are useful for Windows things
Thanks to Dr. Mike O'Leary (Twitter: @MikeOlearyTU ) and his book Cyber Operations for a lot of these
- AutorunRegistryLocations -- a handful of autorun locations in registry and how to query them using PSExec
- changePasswords.bat -- Batch one-liner to change all the passwords in a domain
- disable_Psexec -- Magical Spell that will turn off PSexec for you
- cmdeveryminute -- MOF file that will fire off a command prompt every minute
- processToPayload -- MOF file that will fire off a payload or other program of your choosing each time that another program starts up
- bulkaddusers -- Add a whole bunch of users to AD from a CSV file
- changepasswords -- Change the passwords for all the users in a domain
- createdUserDected -- Query the event log to determine if any new users have been added
- disableNetBiosTcpip -- Disable NetBIOS over TCP on every adapter for every system in a domain
- newSchTaskAudit -- Query all computers on a domain for new Scheduled Tasks
- newServicesAudit -- Query the event log to find any services that have been created on any domain computer in the the last X amount of time
- OUmove -- Move users in and out of an Active Directory Organizational Unit
- registryChangeAudit -- Query the domain computers for any registry values that have been changed in the last X amount of time
- setDirectoryAuditRule -- Set the permissions of a directory on every computer in the domain
- StartupDirectoryList -- List the files that are in each users startup directory on every computer on the domain
- wmiDetect -- List the WMI Subscriptions for each computer on the domain