/HuntPrintNightmareExploitation

Looks for evidence of PrintNightmare exploitation in logs. Requires 'Event Log Readers' or higher permissions. Defaults to domain controllers, but can be pointed at any or all domain machines (using the -AllComputers parameter, or by changing the LDAP query). Outputs potential PrintNightmare exploitation findings to the console and to a CSV file.

Primary Language: PowerShell

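A sketch of the kind of hunt described above, added here as an example and not the repository's own script. The event IDs (808, 316), log names, LDAP filters and the `$CsvPath` parameter are assumptions based on public PrintNightmare detection guidance, not taken from this project.

```powershell
param(
    [switch]$AllComputers,                          # same idea as the -AllComputers parameter above
    [string]$CsvPath = '.\PrintNightmareHunt.csv'   # hypothetical output path
)

# Assumed LDAP filters: every enabled computer, or domain controllers only (SERVER_TRUST_ACCOUNT bit).
$filter = if ($AllComputers) {
    '(&(objectCategory=computer)(dNSHostName=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
} else {
    '(&(objectCategory=computer)(dNSHostName=*)(userAccountControl:1.2.840.113556.1.4.803:=8192))'
}
$searcher = [adsisearcher]$filter
$searcher.PageSize = 1000
[void]$searcher.PropertiesToLoad.Add('dnshostname')
$targets = $searcher.FindAll() | ForEach-Object { $_.Properties['dnshostname'][0] }

# Assumed indicators: 808 = spooler failed to load a plug-in module,
# 316 = printer driver added or updated (the Operational log is disabled by default).
$queries = @(
    @{ LogName = 'Microsoft-Windows-PrintService/Admin';       Id = 808 },
    @{ LogName = 'Microsoft-Windows-PrintService/Operational'; Id = 316 }
)

$results = @(foreach ($computer in $targets) {
    foreach ($q in $queries) {
        try {
            Get-WinEvent -ComputerName $computer -FilterHashtable $q -ErrorAction Stop |
                Select-Object @{n='Computer';e={$computer}}, TimeCreated, Id, LogName,
                              @{n='Message';e={$_.Message -replace '\s+', ' '}}
        } catch {
            # "No matching events" is the normal clean result. Any other error means the
            # host was not actually checked (offline, access denied, log disabled).
            if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
                Write-Warning "$computer [$($q.LogName)]: $($_.Exception.Message)"
            }
        }
    }
})

# Console output plus CSV, matching the output behaviour described above.
$results | Format-Table -AutoSize
if ($results.Count) { $results | Export-Csv -Path $CsvPath -NoTypeInformation }
```

A host that only produces warnings has not been cleared; treat it as unchecked rather than clean.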