These mini labs are quick ways to practice Windows triage with PowerShell in a safe, non-production environment. Each lab pairs a scenario with a one-line check to run on the host being investigated.

Lab 1: Burst of failed logons

Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625; StartTime=(Get-Date).AddHours(-2)} | Group-Object MachineName | Sort-Object Count -Descending
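
A deeper version of this lab, added here as an example rather than taken from the original lab sheet: the one-liner groups by MachineName, which on a local Security log is always the same host, so the added script reads the 4625 fields (target account, source address, logon type, status codes) from each event's XML and groups on those instead. The two-hour window, the threshold of 10 failures and the "five distinct accounts" cut-off are constructed values to tune for your environment.

```powershell
# Added example, not from the original lab: break the last two hours of 4625
# (failed logon) events down by source address and targeted account, reading
# the fields from the event XML rather than splitting the Message text.
$since     = (Get-Date).AddHours(-2)
$threshold = 10   # constructed example threshold; tune for your environment

function Get-EventDataMap {
    # Return the <EventData> name/value pairs of one event as a hashtable.
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $map = @{}
    $xml = [xml]$Event.ToXml()
    foreach ($d in $xml.Event.EventData.Data) { $map[$d.Name] = $d.'#text' }
    return $map
}

$events = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625; StartTime=$since} -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    $d = Get-EventDataMap $e
    [pscustomobject]@{
        Time        = $e.TimeCreated
        TargetUser  = $d['TargetUserName']
        Domain      = $d['TargetDomainName']
        LogonType   = $d['LogonType']
        Status      = $d['Status']        # e.g. 0xC000006D = bad user name or password
        SubStatus   = $d['SubStatus']     # e.g. 0xC0000064 = user name does not exist
        Workstation = $d['WorkstationName']
        SourceIP    = $d['IpAddress']
    }
}

"== Failures per source IP / target account (>= $threshold) =="
$rows | Group-Object SourceIP, TargetUser | Where-Object Count -ge $threshold |
    Sort-Object Count -Descending |
    Select-Object Count,
        @{n='SourceIP';   e={$_.Group[0].SourceIP}},
        @{n='TargetUser'; e={$_.Group[0].TargetUser}},
        @{n='LogonTypes'; e={($_.Group.LogonType | Sort-Object -Unique) -join ','}} |
    Format-Table -AutoSize

"== Source IPs trying many different accounts (spray pattern) =="
$rows | Group-Object SourceIP |
    Select-Object @{n='SourceIP'; e={$_.Name}}, Count,
        @{n='DistinctAccounts'; e={@($_.Group.TargetUser | Sort-Object -Unique).Count}} |
    Where-Object DistinctAccounts -ge 5 |
    Sort-Object DistinctAccounts -Descending | Format-Table -AutoSize
```

Reading the fields from `ToXml()` keeps the script independent of the Message text and of the numeric order of `Properties`, which differs between event templates. The Status/SubStatus pair tells a wrong-password burst (0xC000006A) apart from guesses at non-existent accounts (0xC0000064), which usually points at a different cause.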

Lab 2: New local admin appears

Get-LocalGroupMember -Group "Administrators" | Select-Object Name,PrincipalSource
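
The one-liner shows the current membership; what it cannot show is what changed or who changed it. The following script is an added example (not part of the original lab sheet) that saves a baseline of the Administrators group on first run, reports additions and removals on later runs, and for each addition looks up the Security event 4732 that records the account that made the change. The baseline path, the 7-day lookback and the 4732 field positions are assumptions and are labelled in the code.

```powershell
# Added example, not from the original lab: diff the local Administrators group
# against a saved baseline and attribute additions via Security event 4732
# ("a member was added to a security-enabled local group").
$baselinePath = Join-Path $env:ProgramData 'local-admins-baseline.json'   # assumed location
$lookback     = (Get-Date).AddDays(-7)                                    # constructed window

$current = @(Get-LocalGroupMember -Group 'Administrators' | ForEach-Object {
    [pscustomobject]@{
        Name            = $_.Name
        ObjectClass     = $_.ObjectClass
        PrincipalSource = [string]$_.PrincipalSource   # Local, ActiveDirectory, AzureAD, MicrosoftAccount
        SID             = $_.SID.Value
    }
})

if (-not (Test-Path -LiteralPath $baselinePath)) {
    $current | ConvertTo-Json | Set-Content -LiteralPath $baselinePath
    "No baseline found; saved current membership ($($current.Count) members) to $baselinePath"
} else {
    $baseline = @(Get-Content -LiteralPath $baselinePath -Raw | ConvertFrom-Json)
    $added    = @($current  | Where-Object { $_.SID -notin $baseline.SID })
    $removed  = @($baseline | Where-Object { $_.SID -notin $current.SID })

    "== Added since baseline ==";   $added   | Format-Table Name, ObjectClass, PrincipalSource, SID -AutoSize
    "== Removed since baseline =="; $removed | Format-Table Name, ObjectClass, PrincipalSource, SID -AutoSize

    if ($added.Count -gt 0) {
        # 4732 EventData positions assumed from the standard template (verify with
        # $event.ToXml() on your build): 0 MemberName, 1 MemberSid, 2 TargetUserName
        # (the group), 6 SubjectUserName, 7 SubjectDomainName (who made the change).
        $changes = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4732; StartTime=$lookback} -ErrorAction SilentlyContinue
        "== Who added them (Security 4732, last 7 days) =="
        foreach ($ev in $changes) {
            $memberSid = $ev.Properties[1].Value.ToString()
            $hit = $added | Where-Object SID -eq $memberSid
            if ($hit) {
                [pscustomobject]@{
                    Time    = $ev.TimeCreated
                    Member  = $hit.Name
                    Group   = $ev.Properties[2].Value
                    AddedBy = "$($ev.Properties[7].Value)\$($ev.Properties[6].Value)"
                }
            }
        }
    }
}
```

Keying the comparison on SID rather than Name avoids false "changes" from a renamed account, and catches an attacker-style pattern where a new account is given a name that looks like an existing one. If 4732 returns nothing, confirm that "Audit Security Group Management" is enabled in the advanced audit policy.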

Lab 3: Unexpected new service

Get-WinEvent -FilterHashtable @{LogName='System'; Id=7045; StartTime=(Get-Date).AddDays(-1)} | Select-Object TimeCreated,Message
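
The Message text of a 7045 event is a paragraph that is slow to eyeball. The script below is an added example (not from the original lab sheet) that pulls the service name, image path and account out of each event, resolves the actual binary from the image path, and flags services whose binary lives outside the Windows or Program Files trees or lacks a valid Authenticode signature. The trusted-root list and the 7045 field positions are assumptions and are labelled in the code.

```powershell
# Added example, not from the original lab: turn 7045 (new service installed)
# events into a review table. EventData positions assumed from the standard
# template (verify with $event.ToXml()): 0 ServiceName, 1 ImagePath,
# 2 ServiceType, 3 StartType, 4 AccountName.
$since   = (Get-Date).AddDays(-1)
$trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }   # assumed trusted roots

function Get-ServiceBinary {
    # Extract the executable from a service ImagePath. Handles:
    #   "C:\Program Files\Vendor\svc.exe" -run       quoted, with arguments
    #   C:\Windows\system32\svchost.exe -k netsvcs   unquoted, with arguments
    #   \??\C:\Windows\system32\drivers\x.sys        NT object path prefix
    #   %SystemRoot%\system32\y.exe                  environment variable
    param([string]$ImagePath)
    $p = $ImagePath.Trim()
    if ($p.StartsWith('\??\')) { $p = $p.Substring(4) }
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if ($p -match '^"([^"]+)"')                    { return $Matches[1] }
    if ($p -match '^(.+?\.(?:exe|sys|dll))(\s|$)') { return $Matches[1] }
    return ($p -split '\s+')[0]
}

$events = Get-WinEvent -FilterHashtable @{LogName='System'; Id=7045; StartTime=$since} -ErrorAction SilentlyContinue

$report = foreach ($e in $events) {
    $p   = $e.Properties
    $exe = Get-ServiceBinary $p[1].Value

    $inTrusted = $false
    foreach ($root in $trusted) {
        if ($exe.StartsWith($root.TrimEnd('\') + '\', [StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
    }

    $sig = 'FileNotFound'
    if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
        $sig = (Get-AuthenticodeSignature -LiteralPath $exe).Status.ToString()
    }

    [pscustomobject]@{
        Time      = $e.TimeCreated
        Service   = $p[0].Value
        Account   = $p[4].Value
        StartType = $p[3].Value
        Signature = $sig
        Review    = (-not $inTrusted) -or ($sig -ne 'Valid')   # needs a human look
        Binary    = $exe
        ImagePath = $p[1].Value
    }
}

$report | Sort-Object Review, Time -Descending |
    Format-Table Time, Service, Account, StartType, Signature, Review, Binary -AutoSize -Wrap
```

Treat `Review = True` as a prompt to look closer rather than a verdict: plenty of legitimate third-party services install outside Program Files, and a binary that has already been deleted shows as FileNotFound, which is itself worth noting. The ImagePath column is kept alongside Binary so the arguments a service was started with are still visible.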

Lab 4: Suspicious process spike

Get-Process | Sort-Object CPU -Descending | Select-Object -First 20 Name,Id,CPU,Path
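
The CPU column of Get-Process is cumulative processor seconds since the process started, so a long-running service sits at the top whether or not it is busy right now. The script below is an added example (not from the original lab sheet) that samples twice a few seconds apart and ranks processes by the CPU they consumed in between, then joins in parent process and command line from Win32_Process. The 5-second interval and the top-15 cut-off are constructed values.

```powershell
# Added example, not from the original lab: rank processes by CPU consumed
# between two samples, with parent process and command line for context.
$interval = 5    # seconds between samples (constructed value)
$top      = 15

$first = @{}
foreach ($p in Get-Process) {
    # CPU is $null for processes the caller cannot open (protected/system ones)
    if ($null -ne $p.CPU) { $first[$p.Id] = $p.CPU }
}
Start-Sleep -Seconds $interval

$cim = @{}
foreach ($w in Get-CimInstance Win32_Process) { $cim[[int]$w.ProcessId] = $w }

$cores = [Environment]::ProcessorCount
$rows = foreach ($p in Get-Process) {
    # Skip processes that started during the window or cannot be read. Note that
    # a PID reused within the window would produce a bogus delta; the -gt 0
    # filter below drops negative ones but a positive mismatch is possible.
    if (-not $first.ContainsKey($p.Id) -or $null -eq $p.CPU) { continue }
    $delta  = $p.CPU - $first[$p.Id]
    $w      = $cim[$p.Id]
    $parent = $null
    $cmd    = $null
    if ($w) {
        $cmd = $w.CommandLine
        if ($cim.ContainsKey([int]$w.ParentProcessId)) { $parent = $cim[[int]$w.ParentProcessId].Name }
    }
    [pscustomobject]@{
        Name        = $p.Name
        Id          = $p.Id
        'CPU%'      = [math]::Round(100 * $delta / ($interval * $cores), 1)   # share of all cores
        CPUDeltaSec = [math]::Round($delta, 2)
        Parent      = $parent
        Path        = $p.Path
        CommandLine = $cmd
    }
}

$rows | Where-Object CPUDeltaSec -gt 0 | Sort-Object CPUDeltaSec -Descending |
    Select-Object -First $top | Format-Table -AutoSize -Wrap
```

Parent and command line are what turn a hot process into something you can judge: the same executable name is far more interesting when its parent is an Office application or a script host than when it is the service control manager.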

Lab 5: Outbound connection quick check

Get-NetTCPConnection -State Established | Select-Object LocalAddress,LocalPort,RemoteAddress,RemotePort
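
The one-liner lists every established socket, most of which are loopback or internal. The script below is an added example (not from the original lab sheet) that keeps only connections whose remote end is outside loopback, link-local, RFC 1918 and IPv6 unique-local ranges, and joins each one to its owning process via the OwningProcess field so the binary holding the socket is visible. The `Test-PrivateAddress` helper and its list of ranges are my own; extend it with your internal public ranges if you have any.

```powershell
# Added example, not from the original lab: established TCP connections to
# non-private remote addresses, joined to the owning process.
function Test-PrivateAddress {
    # True for loopback, unspecified, link-local, RFC 1918 and IPv6 ULA addresses.
    # Unparseable input returns $false so that it is shown rather than hidden.
    param([string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ($ip.IsIPv4MappedToIPv6) { $ip = $ip.MapToIPv4() }
    $b = $ip.GetAddressBytes()
    if ($ip.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetwork) {
        return ($b[0] -eq 127) -or ($b[0] -eq 10) -or ($b[0] -eq 0) -or
               ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
               ($b[0] -eq 192 -and $b[1] -eq 168) -or
               ($b[0] -eq 169 -and $b[1] -eq 254)
    }
    # IPv6: ::1, ::, fe80::/10 link-local, fc00::/7 unique local
    return [System.Net.IPAddress]::IPv6Loopback.Equals($ip) -or
           [System.Net.IPAddress]::IPv6Any.Equals($ip) -or
           $ip.IsIPv6LinkLocal -or
           (($b[0] -band 0xFE) -eq 0xFC)
}

$procById = @{}
foreach ($p in Get-Process) { $procById[$p.Id] = $p }

$external = Get-NetTCPConnection -State Established |
    Where-Object { -not (Test-PrivateAddress $_.RemoteAddress) } |
    ForEach-Object {
        $proc = $procById[[int]$_.OwningProcess]
        $name = '(exited)'; $path = $null
        if ($proc) { $name = $proc.Name; $path = $proc.Path }
        [pscustomobject]@{
            LocalAddress  = $_.LocalAddress
            LocalPort     = $_.LocalPort
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            PID           = $_.OwningProcess
            ProcessName   = $name
            Path          = $path
        }
    }

"== External established connections =="
$external | Sort-Object ProcessName, RemoteAddress | Format-Table -AutoSize

"== Distinct remote hosts per process =="
$external | Group-Object ProcessName | Sort-Object Count -Descending |
    Select-Object Name, Count,
        @{n='RemoteHosts'; e={($_.Group.RemoteAddress | Sort-Object -Unique) -join ', '}} |
    Format-Table -AutoSize -Wrap
```

The per-process summary is the part worth reading first: a browser with thirty remote hosts is normal, while a process you do not recognise with even one is the thing to chase, starting from its Path and the service or parent that launched it.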

By Nizar