This is a macro I wrote that mimics the Highlight+Reply you get with Outlook for Mac or the older Entourage software. I use PhraseExpress software with an assigned hot key.
{#clipboard -copy}{#sleep 100}{#CTRL {#SHIFT -chars r}}{#sleep 100}{#CTRL -chars a}{#sleep 100}{#DEL}{#sleep 100}{#ENTER -count 2}{#sleep 100} ======TRUNCATED MESSAGE====== {#ENTER}{#sleep 100}{#clipboard -paste}{#sleep 100}{#CTRL -chars a}{#sleep 100}{#CTRL -chars q}{#sleep 100}{#CTRL -chars i}{#sleep 100}{#HOME}{#sleep 100}{#CTRL {#SHIFT -chars t}}{#sleep 100}{#CTRL -chars i}
You will often need to set this execution policy before PowerShell scripts will run:
set-executionpolicy -scope CurrentUser Unrestricted
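An added example, not part of the original post: it lists the policy set at each scope, flags the permissive ones, and shows two settings narrower than `Unrestricted`. It assumes PowerShell on Windows; the variable names are chosen here for illustration.

```powershell
# Added example (not from the original post). Assumes PowerShell on Windows.
# Policies that let unsigned scripts from any origin run.
$risky = 'Unrestricted', 'Bypass'

# Get-ExecutionPolicy -List returns one entry per scope in precedence order:
# MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
foreach ($entry in Get-ExecutionPolicy -List) {
    $flag = if ($risky -contains $entry.ExecutionPolicy.ToString()) { 'REVIEW' } else { 'ok' }
    '{0,-14} {1,-13} {2}' -f $entry.Scope, $entry.ExecutionPolicy, $flag
}

# The effective policy is the first scope in that order that is not Undefined,
# so a Group Policy scope overrides anything set for CurrentUser.
"Effective policy: $(Get-ExecutionPolicy)"

# Narrower option 1: change the policy for this session only.
# The setting is discarded when the PowerShell process exits.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force

# Narrower option 2: persist for the current user, but require a trusted
# signature on scripts that were downloaded from the internet.
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned -Force
```

With `RemoteSigned`, locally written scripts still run unsigned, which covers most of the cases where `Unrestricted` gets set.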
During an incident, Windows event logs provide plenty of useful information for the incident responder. As you know, Windows can generate thousands of events in a few minutes. In this diary I will talk about some of the most useful events, and in the next diary I will discuss how to use PowerShell to search for them.
Here are some of the most useful events for forensics/incident response:
Event ID
This PowerShell command prints a list of the environment variables on the system.
Get-ChildItem Env:
Introduction: A quick script to watch a website to see if it remains online. Checks every five seconds. This is different than doing a simple ping check as it actually takes a look at the site and returns a status code. This is especially useful if you want to make sure a site is up during a critical event.
while ($true -eq $true) {curl DOMAIN_NAME.COM | findstr "RawContent"; sleep 5}
Or