Added the following recon functions written by Joe Bialek
(@JosephBialek):
- Find-4648Logons
- Find-4624Logons
- Find-AppLockerLogs
- Find-PSScriptsInPSAppLog
- Find-RDPClientConnections
- Get-ComputerDetails (Combines all of the above functions into a single
function)
All info gathering pieces of this script can now be called individually.
Fixed a bug where the user SID wasn't being converted to a username in
the RDP function.
Get-ComputerDetails is a recon script which pulls a variety of useful
information off a computer which might later be useful by an attacker.
This includes:
Logons
AppLocker process start logs
PowerShell logs to find scripts run
RDP Client saved servers
clymb3r
mattifestation