SysInternals Process Monitor (ProcMon) - Indispensable tool when it comes to determining a process's activity, such as file and Registry access. PowerShell, especially WinRM/PSRemoting - I can run processes across an entire fleet with the push of a button. Windows Admin Center - Basically Server Manager 2.0, and it's web based.

Why are you using that for code instead of something in VSCode? I love OneNote - but I'm not keeping code in it, because pasting it back into something is ass.

It's super handy, and has a couple of command line switches that are great for letting you easily run just like, a 1 minute scan and dump. Procmon I love - constantly lets us show what AV/EDR is doing, what reg key or path something is in.

It adds a lot of steps to "I just need to tweak this script", and it's quirky, so every time I use it and try to get the hang of it I just go, fuck me, that was a lot more steps than I wanted to just add a pipe filter to something. But I'm just writing PowerShell scripts, and nobody on the team is writing with me.

I use it a lot for PowerShell work, just... not optimally. I looked around a couple of times for a good video on making it my PowerShell-central and turning it up a notch or two but just never found the right resource. I like VSCode but it's got so much going on and I know I do not leverage it fully.

"My EDR agent is using 100% memory!" Turns out a file it was trying to scan was locked by another process.

ProcMon/ProcExp: these tools have made it so easy to troubleshoot Windows issues. OneNote: I used to be against it, but after figuring out I can put blocks of code in, it has changed my life. VSCode (also w/ WSL): Getting a proper environment built has helped me tons.
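The two ideas above, a short Procmon capture driven by its command line switches and fanning work out over PSRemoting, combined into one script. This is an added example, not code from anyone in the thread; it assumes Procmon64.exe is already staged at C:\Tools on each target, WinRM is enabled, and the computer names and paths are placeholders.

```powershell
# Added example (not from the thread): a 60-second Procmon capture pushed to several hosts
# over PSRemoting, then copied back for review. Hostnames and paths below are placeholders.
$targets     = 'SRV01', 'SRV02'              # placeholder computer names
$procmonPath = 'C:\Tools\Procmon64.exe'      # assumed staging location on each target
$remoteLog   = 'C:\Temp\capture.pml'         # assumed output path on each target
$localDir    = 'C:\Captures'                 # where the .pml files land on the admin box

$capture = {
    param($exe, $log, $seconds)
    if (Test-Path $log) { Remove-Item $log -Force }
    # /AcceptEula and /Quiet suppress prompts; /Minimized keeps the window out of the way;
    # /BackingFile writes events to a .pml instead of the paging file;
    # /Runtime stops the capture after the given number of seconds.
    $argList = "/AcceptEula /Quiet /Minimized /BackingFile `"$log`" /Runtime $seconds"
    $proc = Start-Process -FilePath $exe -ArgumentList $argList -PassThru
    # /Runtime makes Procmon exit on its own; wait for it with a safety margin.
    $proc.WaitForExit(($seconds + 30) * 1000) | Out-Null
    if (-not $proc.HasExited) {
        # Fallback: tell the running instance to stop capturing and flush the log.
        Start-Process -FilePath $exe -ArgumentList '/Terminate' -Wait
    }
    Get-Item $log | Select-Object FullName, Length
}

New-Item -ItemType Directory -Path $localDir -Force | Out-Null
foreach ($computer in $targets) {
    $session = New-PSSession -ComputerName $computer
    try {
        Invoke-Command -Session $session -ScriptBlock $capture -ArgumentList $procmonPath, $remoteLog, 60
        # Pull the log back over the same session (no SMB share needed).
        Copy-Item -Path $remoteLog -Destination (Join-Path $localDir "$computer.pml") -FromSession $session
    }
    finally { Remove-PSSession $session }
}
```

Procmon loads a kernel driver, so the remoting account needs local administrator rights on each target; open the returned .pml files in Procmon on the admin box and apply filters there.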