PrintNightmare/CVE-2021-34527 Search the Domain with PowerShell

In my latest blog post “Vulnerability advisory: PrintNightmare/CVE-2021-34527 Zero-day Exploit Code Available – What to do now?” I recommended enabling monitoring with Windows EventLogs or Sysmon logging. Since many small to medium businesses lack the ability to aggregate, search and alert on Windows EventLogs, I want to propose a simple yet effective manual approach these businesses can use until a patch is available.
