Created January 16, 2020 01:04
Parses the ASN.1-encoded ECC curve parameters from an Audit-CVE
```powershell
# Hex string taken from the "para" field of an Audit-CVE event (event ID 1) in the Application log
$EventParaString = '3081E0020101302C06072A8648CE3D0101022100A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377304404207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9042026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B60441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997022100A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7020101'

# Convert the hex string to a byte array (two hex digits per byte)
[Byte[]] $EventParaBytes = $EventParaString -split '([0-9A-F]{2})' | Where-Object { $_ } | ForEach-Object { [Byte] "0x$_" }

# Save the byte array to disk
[IO.File]::WriteAllBytes("$PWD\ECCCurveParams.bin", $EventParaBytes)

# Use certutil to parse the ASN.1-encoded ECC curve parameters
certutil.exe -asn "$PWD\ECCCurveParams.bin"
```
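For triage on a host without certutil, the same bytes can be decoded into named fields. This is an added example, not part of the original gist: it assumes the value is an X9.62 ECParameters structure (version, fieldID, curve, base, order, optional cofactor) over a prime field, and the function names are hypothetical.

```python
PARA_HEX = (  # hex string of the "para" field, copied from the gist above
    "3081E0020101302C06072A8648CE3D0101"
    "022100A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377"
    "304404207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9"
    "042026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6"
    "0441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262"
    "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997"
    "022100A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7020101"
)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def parse_ec_parameters(der):
    """Decode explicit prime-field ECParameters into a dict of integers."""
    tag, body, end = read_tlv(der, 0)
    items = children(body)
    tags = [t for t, _ in items[:5]]  # INTEGER, SEQUENCE, SEQUENCE, OCTET STRING, INTEGER
    if tag != 0x30 or end != len(der) or tags != [0x02, 0x30, 0x30, 0x04, 0x02]:
        raise ValueError("not an ECParameters SEQUENCE")
    version, field, curve, base, order = (v for _, v in items[:5])
    (_, oid), (_, prime) = children(field)[:2]
    (_, a), (_, b) = children(curve)[:2]
    if oid.hex() != "2a8648ce3d0101" or base[0] != 4:  # 1.2.840.10045.1.1, 0x04 = uncompressed
        raise ValueError("expected prime-field OID and an uncompressed base point")
    half = (len(base) - 1) // 2
    num = lambda v: int.from_bytes(v, "big")
    return {"version": num(version), "p": num(prime), "a": num(a), "b": num(b),
            "Gx": num(base[1:1 + half]), "Gy": num(base[1 + half:]), "n": num(order),
            "h": num(items[5][1]) if len(items) > 5 else None}

def generator_on_curve(c):
    """True when (Gx, Gy) satisfies y^2 = x^3 + a*x + b (mod p)."""
    return (c["Gy"] ** 2 - (c["Gx"] ** 3 + c["a"] * c["Gx"] + c["b"])) % c["p"] == 0
```

Call `parse_ec_parameters(bytes.fromhex(PARA_HEX))` to get the fields. For the gist's sample value, the decoded p, a, b, generator and n are the brainpoolP256r1 parameters published in RFC 5639.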