From 840826359b15cb47353ba0246fac443031cefa14 Mon Sep 17 00:00:00 2001 From: Eric Conrad Date: Sat, 4 May 2019 12:41:14 -0300 Subject: [PATCH] Reorganized the READMEs --- README.md | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 8ce2cc3..e155e7b 100644 --- a/README.md +++ b/README.md @@ -19,24 +19,15 @@ Sample evtx files are in the .\evtx directory - [Examples](#examples) - [Output](#output) - [Logging setup](#logging-setup) -- See the [DeepBlue.py Readme](README-DeepBlue.py.md) for information on DeepBlue.py -- See the [DeepWhite Readme](README-DeepWhite.md) for information on DeepWhite (detective whitelisting using Sysmon event logs) +- See the [DeepBlue.py Readme](READMEs/README-DeepBlue.py.md) for information on DeepBlue.py +- See the [DeepWhite Readme](READMEs/README-DeepWhite.md) for information on DeepWhite (detective whitelisting using Sysmon event logs) ## Usage: `.\DeepBlue.ps1 ` -If you see this error: `.\DeepBlue.ps1 : File .\DeepBlue.ps1 cannot be loaded because running scripts is -disabled on this system. For more information, see about_Execution_Policies at -http://go.microsoft.com/fwlink/?LinkID=135170.` - -You must run Set-ExecutionPolicy as Administrator, here is an example (this will warn every time you run a ps1 script): `Set-ExecutionPolicy RemoteSigned` - -This command will bypass Set-Execution entirely: `Set-ExecutionPolicy Bypass` - -See `get-help Set-ExecutionPolicy` for more options. - -Please note that "Set-ExecutionPolicy is not a security control" (quoting [@Ben0xA](https://twitter.com/ben0xa)) +See the [Set-ExecutionPolicy Readme](READMEs/Set-ExecutionPolicy.md) if you receive a 'running scripts is +disabled on this system' error. ### Process local Windows security event log (PowerShell must be run as Administrator):
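Review bot: The three new links in this hunk (READMEs/README-DeepBlue.py.md, READMEs/README-DeepWhite.md and READMEs/Set-ExecutionPolicy.md) all point into a READMEs/ directory, but the diffstat lists README.md as the only file changed, so nothing in this patch moves or creates those targets. Include the renames and the new Set-ExecutionPolicy.md in the same commit, or confirm they landed separately, so the links resolve. The removed Usage lines also carried the quoted caveat "Set-ExecutionPolicy is not a security control" and the note on `Set-ExecutionPolicy Bypass`; check that READMEs/Set-ExecutionPolicy.md keeps both, since the main README now only links out to it.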