Reader small image

You're reading from  PowerShell Automation and Scripting for Cybersecurity

Product typeBook
Published inAug 2023
PublisherPackt
ISBN-139781800566378
Edition1st Edition
Right arrow
Author (1)
Miriam C. Wiesner
Miriam C. Wiesner
author image
Miriam C. Wiesner

Miriam C. Wiesner is a senior security researcher at Microsoft, with over 15 years of experience in IT and IT security. She has held various positions, including administrator/system engineer, software developer, premier field engineer, program manager, security consultant, and pentester. She is also a renowned creator of open source tools based in PowerShell, including EventList and JEAnalyzer. She has been invited multiple times to present the research behind her tools at many international conferences, such as Black Hat (the US, Europe, and Asia), PSConfEU, and MITRE ATT&CK workshop. Outside of work, Miriam is a dedicated wife and mother, residing with her family near Nuremberg, Germany.
Read more about Miriam C. Wiesner

Right arrow

Blue team cookbook

In the following subsections, you will find some code snippets that come in handy for your daily life as a blue team PowerShell practitioner. Blue teaming is quite extensive; therefore, you won’t find use cases for every scenario but, rather, some of the basics.

Also, refer to Chapter 8, Red Team Tasks and Cookbook, as you will find many red teamer code snippets and scripts there that can also sometimes be useful for a blue teamer.

Checking for installed updates

You want to find out which updates were installed on one or more remote systems.

Solution

You can use the Get-InstalledUpdates.ps1 script to scan an IP range for installed Windows updates. You can find the script in the GitHub repository of this chapter: https://github.com/PacktPublishing/PowerShell-Automation-and-Scripting-for-Cybersecurity/blob/master/Chapter09/Get-InstalledUpdates.ps1.

Use this example to scan the 172.29.0.10-20 IP range for installed updates:

> .\Get-InstalledUpdates...
lock icon
The rest of the page is locked
Previous PageNext Page
You have been reading a chapter from
PowerShell Automation and Scripting for Cybersecurity
Published in: Aug 2023Publisher: PacktISBN-13: 9781800566378

Author (1)

author image
Miriam C. Wiesner

Miriam C. Wiesner is a senior security researcher at Microsoft, with over 15 years of experience in IT and IT security. She has held various positions, including administrator/system engineer, software developer, premier field engineer, program manager, security consultant, and pentester. She is also a renowned creator of open source tools based in PowerShell, including EventList and JEAnalyzer. She has been invited multiple times to present the research behind her tools at many international conferences, such as Black Hat (the US, Europe, and Asia), PSConfEU, and MITRE ATT&CK workshop. Outside of work, Miriam is a dedicated wife and mother, residing with her family near Nuremberg, Germany.
Read more about Miriam C. Wiesner