Wow! It’s been a while since I’ve blogged. I’ve just been so swamped with CIPP that I’ve just let the blogging go entirely. It’s a shame because I think out of all my hobbies it’s one I enjoy the most. It’s always nice helping others achieve their scripting target. I even got a couple of LinkedIn questions asking if I was done with blogging but I’m not. Writing always gives me some more piece of mind so I’ll try to catch up again. I know I’ve said that before but this time I’ll follow through. I’m sitting down right now and scheduling the release of 5 blogs in one go. No more whining and no more waiting.
Today we’re starting with a simple one that often gets missed. One of my friends somewhat recently made the follow LinkedIn post:
It felt kind of serendipitous that he made this post right before my session at Dattocon. My session there was about protecting yourself against these sort of attacks. So, today I’m sharing with you how to monitor if your VSS snapshots have not been deleted, and if they are above the count that you’ve specified.
VSS Monitoring script
Now this is a pretty short one right? Don’t you hate it when you wait for a blog for months and don’t get more than a spoon full? I do. So let’s solve another problem in Ryan’s post. When attackers hit they often edit the bcd file way before executing the actual attack, so it’s a good thing to signal on;
Two fairly easy scripts, but both could save you a lot of headache.
Always, Happy PowerShelling. :)