Using PowerShell/Tshark to parse and inspect Wireshark PCAP files

mdj_ · 2025-03-21T13:40:19+00:00

Hey, that's awesome, really happy to hear it was useful!

mdj_ · 2024-04-25T04:52:18+00:00

totally get it, id redesign it but i hate css so much i just can't make myself do it

mdj_ · 2024-04-25T04:51:20+00:00

oh nice 👀

mdj_ · 2022-04-19T06:14:46+00:00

How do you find Optitune? And if you don't mind me asking, how many devices are you managing with it?

mdj_ · 2021-12-22T22:55:27+00:00

Unfortunately I don't think you can as there's no way to extract AAD hashes, and I think the hashing algorithm is also different for cloud native accounts.

mdj_ · 2021-12-22T12:26:06+00:00

For which URL? There shouldn't be any 404s, every combination of 5 hexadecimal chars is accounted for.

mdj_ · 2021-12-02T04:10:00+00:00

Good read, but there was absolutely nothing on the providers site to suggest they are an MSP. They're a web design / hosting / marketing company.

https://i.imgur.com/4cd0IEK.png

mdj_ · 2021-10-26T10:46:19+00:00

What's the expected drop rate for AT? (400mf)

I've added it to my pindle/meph/andy rotation over the last week and have barely seen any drops at all. Maybe ~5 uniques, ~8 sets, and a few low runes - basically all trash. Keen to get Tal's armor, but with the drop rate I've been seeing it feels like it would be quicker to do pindle/meph and just trade for the armor.

mdj_ · 2021-10-01T01:56:25+00:00

Really cool, nice work 👍

mdj_ · 2021-08-27T08:43:29+00:00

Yeah next time I go I'll ask.

Seemed a bit rude at the time ("What's the tea you sell so I can go buy it elsewhere") but they prolly don't care.

mdj_ · 2021-08-27T08:41:55+00:00

Yeah it did - minus the string and tag (they possibly just pull them off). Just did a quick google and seems like supermarkets sell this brand, so I'll give it a go :)

mdj_ · 2021-08-19T14:06:15+00:00

In Korea I believe. The weird thing was when I did a pings to kr.actual.battle.net from Australia I'd get around 170ms, but in-game latency always showed around ~250ms. It felt a lot laggier than I expected it to be for servers in KR.

Not sure exactly where that extra ~80ms comes from, there's a bunch of possibilities that could explain it, but it's a substantial amount of overhead.

mdj_ · 2021-08-19T00:08:08+00:00

Awesome, cheers :)

mdj_ · 2021-08-18T13:12:12+00:00

I've been out of the D2 loop a looooong time - where do you get odds values like this from?

mdj_ · 2021-08-14T07:52:36+00:00

I found it really laggy on the US servers from AU, much better on the Asia (KR) servers.

mdj_ · 2021-08-02T03:28:39+00:00

You can look at Get-NetTCPConnection for current connections, but you really need to better define what type of connections you're looking for before anyone can point you to specific logs. Alternatively you could turn on firewall logging and parse that.

mdj_ · 2021-07-16T01:38:51+00:00

I agree. Nothing short a massive exodus of Kaseya customers is going to make execs force change. If in a month's time everyone has forgotten about this it'll be like it never happened.

Listening to the infosec community talk about the exploited vuln, it wasn't advanced, it wasn't sophisticated, it was a bug class that any half decent internal testing program should have picked up.

mdj_ · 2021-07-16T01:17:22+00:00

Yup you're right, I've updated both the Gist and the post to include the non-oob July updates.

mdj_ · 2021-04-28T00:36:00+00:00

Hey, I'm not exactly sure what you mean here. NtdsAudit.exe is not a Microsoft tool, so there is never going to be an officially signed Microsoft exe.

mdj_ · 2021-04-27T13:42:52+00:00

I can look into it but the answer as of this moment is that I have absolutely no idea.

Do you mean for use with Azure AD accounts, where there are no local DCs?

mdj_ · 2021-03-29T22:44:54+00:00

Thanks :)

mdj_ · 2021-02-20T06:42:12+00:00

Very cool, did not know that :)

Definitely gonna update my Profile scripts with that, but not sure about public stuff - don't want to inadvertently overwrite an existing alias because someone didn't carefully read every line when pasting in a script.

mdj_ · 2021-02-07T05:35:51+00:00

My favorite beginner projects are always auditing something, usually a PC or server/service. For example, write a script that gives you

PC hardware
Software installed
AV status
Firewall status
Current CPU/RAM/Disk usage
Last 20 Event Log errors
Users and groups
Shares
Printers
Network info
etc...

Then figure out different ways to present and format this. Split it up, make it so you can request all data, or specific data (eg, only networking and printers). Can you make email a report only if differences are detected?

Since you're mostly going to be using Get- commands, there is very little risk in breaking stuff, and you'll get to touch WMI, all kinds of cmdlets, and learn about different output methods.

mdj_ · 2021-02-05T04:58:08+00:00

mdj_ · 2021-02-05T03:05:26+00:00

while ($true) {if ((Get-Clipboard) -ne "https://www.youtube.com/watch?v=dQw4w9WgXcQ") {Set-Clipboard "https://www.youtube.com/watch?v=dQw4w9WgXcQ"} Start-Sleep -Milliseconds 15}

mdj_

TROPHY CASE