It’s been fun and educational putting my INTEL-SA-00213 Detection Script together: first writing it, refining it, adding SMB logging, getting feedback from the Reddit PowerShell folks, learning about PSScriptAnalyzer, and so on. But there comes a point where it’s time to walk away from something. This little tool does everything I need. I could tweak it, add features, and obsess further, but why? What good would come of it? It’s been a neat little project, but it’s done.
I learned a good deal during this, so for my own retention, and to share it, let’s recap. There is a preferred order in which to arrange the keywords in comment-based help. Temporary files are best handled using $env:TEMP and New-TemporaryFile. Don’t bother specifying Mandatory=$true or Mandatory=$false on parameters, as it’s implied. Use Write-Debug as a form of commenting instead of plain comments, as it has the added benefit of automatically adding -Verbose functionality. When testing a web path while validating a parameter, use the -Method Head option of Invoke-WebRequest to avoid downloading the file twice.
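The lessons above, pulled together into one function. This is an added example written for this post, not code from the INTEL-SA-00213 Detection Script itself; the function name Test-DownloadSource, the parameter Uri and the URL in the example are hypothetical. It shows comment-based help laid out in the order the about_Comment_Based_Help topic lists its keywords, a bare [Parameter(Mandatory)], a HEAD request inside a ValidateScript block so the file is only pulled once, New-TemporaryFile landing under $env:TEMP, and Write-Debug / Write-Verbose lines that light up with -Debug and -Verbose respectively.

```powershell
function Test-DownloadSource {
    <#
    .SYNOPSIS
        Checks that a download URL is reachable and stages the file in a temp location.
    .DESCRIPTION
        Hypothetical helper (example code, not part of the detection script) that
        illustrates: comment-based help keyword order, a bare [Parameter(Mandatory)],
        a HEAD request used as a parameter validator, New-TemporaryFile under
        $env:TEMP, and Write-Debug / Write-Verbose tracing.
    .PARAMETER Uri
        HTTPS URL of the file to fetch. Validated with a HEAD request before any body is downloaded.
    .EXAMPLE
        Test-DownloadSource -Uri 'https://example.invalid/tool.zip' -Verbose -Debug
    .INPUTS
        None. You cannot pipe objects to this function.
    .OUTPUTS
        System.IO.FileInfo for the staged temporary file.
    .NOTES
        Example only; the URL above is a placeholder that does not resolve.
    .LINK
        about_Comment_Based_Help
    #>
    [CmdletBinding()]
    param (
        # "Mandatory" on its own already means $true; no need for Mandatory=$true
        [Parameter(Mandatory)]
        [ValidateScript({
            # HEAD returns headers only, so the file is not downloaded here
            # and then a second time below. A non-2xx status throws on
            # Windows PowerShell 5.1, which also fails validation.
            $head = Invoke-WebRequest -Uri $_ -Method Head -UseBasicParsing
            $head.StatusCode -eq 200
        })]
        [uri]$Uri
    )

    Write-Verbose "Source validated: $Uri"

    # New-TemporaryFile creates a uniquely named .tmp file in $env:TEMP and
    # returns the FileInfo for it, so no path juggling is needed.
    $tmp = New-TemporaryFile
    Write-Debug "Staging download under $env:TEMP as $($tmp.Name)"

    # Second request: this is the only one that transfers the body.
    Invoke-WebRequest -Uri $Uri -OutFile $tmp.FullName -UseBasicParsing

    # FileInfo caches its size; re-read it so the debug line reports the real length.
    $staged = Get-Item -LiteralPath $tmp.FullName
    Write-Debug "Downloaded $($staged.Length) bytes to $($staged.FullName)"

    return $staged
}
```

Run with -Verbose to see the validation message and with -Debug to follow the temp-file handling; both switches come for free from [CmdletBinding()]. Remove the staged file with Remove-Item once you are done with it, since New-TemporaryFile does not clean up after itself.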
All in all, a fun exercise which produced a tool that I will be using to check for and mitigate live vulnerabilities. If you use it, let me know; I’d love to hear how it works out for you. If you want any new features or changes, I’d be happy to do that as well.
Here’s the link to get the script.