- Apr 25, 2015
- 1,845
- 2
- 2,199
- 327
Let's run through a sample case, we get a process list from system 1:
Then how about we get unique files:
So now we have a tasks file to open in Excel.
Insert just above, like so:
Time to add server names and highlight AN ENTIRE LIST to format.. for example click "B" so the FULL_FUCKING_ENTIRE_COLUMN is selected (not like my picture shows):
Click on "Home > Conditional Formatting > New Rule..."
Select "Use a formula to determine which cells to format"
Now enter this:
Select a format to apply, for example I select Fill > select blue color for the font text color.
...
Now you can see, side-by-side comparison of known files versus unknown files.
Imagine doing this with file hashes, we will come back around to that another time.
Code:
Get-Process | Select-Object Path | sort | findstr ".exe" > C:\running.txtThen how about we get unique files:
Code:
gc .\running.txt | gu > tasks.csvSo now we have a tasks file to open in Excel.
Insert just above, like so:
Time to add server names and highlight AN ENTIRE LIST to format.. for example click "B" so the FULL_FUCKING_ENTIRE_COLUMN is selected (not like my picture shows):
Click on "Home > Conditional Formatting > New Rule..."
Select "Use a formula to determine which cells to format"
Now enter this:
Code:
=countif($A:$A, $B1)Select a format to apply, for example I select Fill > select blue color for the font text color.
...
Now you can see, side-by-side comparison of known files versus unknown files.
Imagine doing this with file hashes, we will come back around to that another time.