https://github.com/21bshwjt/xdomaincontrollers-events

Hunt Weaker Cipher & Weaker Authentication Protocols
https://github.com/21bshwjt/xdomaincontrollers-events

active-directory domaincontroller eventlog powershell powershell-module

Last synced: 3 days ago
JSON representation

Hunt Weaker Cipher & Weaker Authentication Protocols

• Host: GitHub
• URL: https://github.com/21bshwjt/xdomaincontrollers-events
• Owner: 21bshwjt
• Created: 2020-11-09T10:11:02.000Z (about 4 years ago)
• Default Branch: main
• Last Pushed: 2024-07-08T11:29:51.000Z (6 months ago)
• Last Synced: 2024-11-10T17:07:53.881Z (2 months ago)
• Topics: active-directory, domaincontroller, eventlog, powershell, powershell-module
• Language: PowerShell
• Homepage:
• Size: 45.9 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
## Hunt Weaker Cipher & Weaker Authentication Protocols using PowerShell

```diff

+ Get Lockout ,NTLM , RC4, AES , Domain Controllers Uptime & Last Patching Date.

+ The code is designed to work with WinRM and requires the Active Directory (AD) module.

```

### Use-cases

- Get the sources of AES

- Get the sources of NTLM

- Get the sources of RC4

- Get the sources of Account Lockout

- Get Domain Controllers Uptime

- Get Domain Controllers last patching date

### Note

The script runs on Domain Controllers & Domain Admin privilege is needed to run that. 

### Instructions

```powershell

C:\> Install-Module -Name XDomainControllers-Events -RequiredVersion 1.3 -Force -Verbose -Repository PSGallery

C:\> Import-Module XDomainControllers-Events -Verbose

C:\> Get-Command -Module XDomainControllers-Events

CommandType     Name                                               Version    Source

-----------     ----                                               -------    ------

Function        Get-XhuntAES                                       1.3        XDomainControllers-Events

Function        Get-XhuntLockout                                   1.3        XDomainControllers-Events

Function        Get-XhuntNtlm                                      1.3        XDomainControllers-Events

Function        Get-XhuntRC4                                       1.3        XDomainControllers-Events

Function        Get-XhuntUptime                                    1.3        XDomainControllers-Events

Function        Get-XhuntWUdate                                    1.3        XDomainControllers-Events

```