https://www.verboon.info/comments/feed/ Alex Verboon WordPress 2022-05-04T14:35:11Z
https://www.verboon.info/2019/10/microsoft-defender-atp-advanced-hunting-whos-logging-on-with-local-admin-rights/comment-page-1/#comment-276071 2022-05-04T14:35:11Z https://www.nosite.nl
I get this error: Error message
Path expression IsLocalLogon source must be scalar of type ‘dynamic’. Received a source of type string instead
https://www.verboon.info/2017/07/powershell-script-get-batterychargestatus/comment-page-1/#comment-276070 2022-04-23T00:22:52Z
This is missing: Get-ExecutionPolicy -List and Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
https://www.verboon.info/2021/12/how-to-detect-the-log4shell-vulnerability-cve-2021-44228-with-microsoft-endpoint-configuration-manager/comment-page-1/#comment-275928 2021-12-21T19:52:52Z
Scanning only for *log4j*.jar is not enough. Log4j can also be part of every .jar or .war file.
https://www.verboon.info/2021/12/how-to-detect-the-log4shell-vulnerability-cve-2021-44228-with-microsoft-endpoint-configuration-manager/comment-page-1/#comment-275926 2021-12-20T10:51:31Z
Great post Alex but I always got a warning message as I run the line:
$log4 = Export-CMScriptResults -ScriptName "log4j-core files" -SiteCode "P.." -SiteServer "SCCM.."
This is the warning message:
WARNING: No Script found with the name log4j-core files in the ConfigMgr Script Repository
I replaced the SiteCode and SiteServer with our own settings.
Regards,
Ron.
https://www.verboon.info/2021/12/how-to-detect-the-log4shell-vulnerability-cve-2021-44228-with-microsoft-endpoint-configuration-manager/comment-page-1/#comment-275925 2021-12-17T14:22:49Z
Nice article. But according to my understanding the log4j component can also be part of other .jar files and not only files which are named “*log4j-core*”.
So for example the command line utility of lunasec (https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/) examines all .jar files for the known hash values.
https://www.verboon.info/2021/12/how-to-detect-the-log4shell-vulnerability-cve-2021-44228-with-microsoft-endpoint-configuration-manager/comment-page-1/#comment-275923 2021-12-15T22:10:40Z http://www.verboon.info
Yes, but in my experience not everyone makes use of this capability.
https://www.verboon.info/2021/12/how-to-detect-the-log4shell-vulnerability-cve-2021-44228-with-microsoft-endpoint-configuration-manager/comment-page-1/#comment-275922 2021-12-15T21:35:05Z https://www.JoseEspitia.com
Great post Alex. I decided to try something a little different since Get-ChildItem is so slow. Feel free to check out the script 🙂 https://joseespitia.com/2021/12/15/how-to-detect-the-log4shell-vulnerability-with-powershell/
https://www.verboon.info/2021/12/how-to-detect-the-log4shell-vulnerability-cve-2021-44228-with-microsoft-endpoint-configuration-manager/comment-page-1/#comment-275921 2021-12-15T19:03:46Z
Would it not be easier to scan simply with software inventory?
https://www.verboon.info/2019/09/extract-configmgr-script-status-results-with-powershell/comment-page-1/#comment-275920 2021-12-14T22:25:17Z https://www.verboon.info/2021/12/how-to-detect-the-log4shell-vulnerability-cve-2021-44228-with-microsoft-endpoint-configuration-manager/
[…] Next, we are going to extract the Run Script results with PowerShell. I wrote about this method earlier in this blog post Extract ConfigMgr Script Status Results with PowerShell – Anything about IT (verboon.info) […]
https://www.verboon.info/2021/10/defender-for-endpoint-unified-solution-for-windows-server-2012-r2-and-2016-part1/comment-page-1/#comment-275919 2021-12-06T21:30:08Z http://www.verboon.info
Hi Thomas, see my part 2 blog post https://www.verboon.info/2021/12/defender-for-endpoint-unified-solution-for-windows-server-2012-r2-and-2016-part2/
https://www.verboon.info/2021/10/defender-for-endpoint-unified-solution-for-windows-server-2012-r2-and-2016-part1/comment-page-1/#comment-275918 2021-12-06T21:28:55Z https://www.verboon.info/2021/12/defender-for-endpoint-unified-solution-for-windows-server-2012-r2-and-2016-part2/
[…] my previous post (Part1) I provided an overview of the new Microsoft Defender for endpoint unified solution for Windows […]
https://www.verboon.info/2021/10/defender-for-endpoint-unified-solution-for-windows-server-2012-r2-and-2016-part1/comment-page-1/#comment-275915 2021-11-05T15:42:55Z
Do you know how existing MMA Agent based servers can be upgraded? Especially if the MMA Agent is still required for other monitoring tasks??
https://www.verboon.info/2020/06/defender-atp-advanced-hunting-with-ti-from-urlhaus/comment-page-1/#comment-275911 2021-09-27T17:28:40Z http://www.verboon.info
Hello James, I will try to look into this
https://www.verboon.info/2011/06/the-gathernetworkinfo-vbs-script/comment-page-1/#comment-275910 2021-09-26T07:30:55Z https://udil.fr/windows/est-ce-que-quelquun-sait-ce-quest-collectnetworkinfo-vbs-cest-dans-un-system32/
[…] Here is some information: http://www.verboon.info/index.php/2011/06/the-gathernetworkinfo-vbs-script/ […]
https://www.verboon.info/2014/10/use-powershell-to-find-all-collections-where-the-specified-device-has-a-membership/comment-page-1/#comment-275909 2021-09-17T01:18:14Z
It's 2021 and I just found this from so many years ago. This works beautifully, I wish I had found it earlier.