This is more of a personal note on finding the wireless password on Windows as I can never remember the full command.
- Open a Command Prompt and run the following command to display previous wireless networks.
- Command: netsh wlan show profile
- Next, use the following command to show the password.
- Command: netsh wlan show profile <SSID> key=clear
Below is the script that I have been working on to install Sysmon through group policy so you do not have to install it on each workstation/server. I hope to make a few more modifications around updating the .xml file or creating a separate script. The guide for this should be coming over the next week or two and will tie into our WEF deployment guide. From there we will export the logs from our WEF server to Splunk for easier manipulation of the data. To use the script, just replace the <<DOMAIN>> with your domain/file location.
IF NOT EXIST "C:\sysmon" (mkdir "C:\sysmon" & copy /v "\\<<DOMAIN>>\SYSVOL\<<DOMAIN>>\Sysmon\sysmonconfig-export.xml" "C:\sysmon\sysmonconfig-export.xml")
IF NOT EXIST "C:\Windows\Sysmon.exe" GOTO Install
IF EXIST "C:\Windows\Sysmon.exe" GOTO StartService
"\\<<DOMAIN>>\SYSVOL\<<DOMAIN>>\Sysmon\sysmon64.exe" -accepteula -i C:\sysmon\sysmonconfig-export.xml
net start Sysmon
END && EXIT
The following is a list of helpful user agent strings that I have found to help block bogus requests to your website. On an unknown site, you are going to see these block a few thousand attempts every day. The largest one I frequently see is Jorgee. They are vulnerability scanners which are using the default user agent. These are likely looking for low hanging fruit but nice to block them anyway. Below, I have separated my Wordfence user agent block and use the equal (=) sign as the delimiter between the string and a description. I will be updating this post when I find more and the new ones will be added at the end.
*Jorgee* = Vulnerability Scanner
*Nikto* = Vulnerability Scanner
*ZmEu* = Vulnerability Scanner