Skip to content

Instantly share code, notes, and snippets.

View IISResetMe's full-sized avatar

Mathias R. Jessen IISResetMe

  • Booking.com
  • Netherlands
View GitHub Profile
function Get-AvailableLicenseTemplates {
[CmdletBinding()]
param ()
process {
Write-Host "`$PSScriptRoot:" $PSScriptRoot -ForegroundColor Green
# Define the parent directory containing the folders
$ParentDirectory = "$PSScriptRoot\..\Templates\LICENSE\"
# Get the list of folders
$Folders = Get-ChildItem -Path $ParentDirectory -Directory
@IISResetMe
IISResetMe / Scan-LOLDrivers.ps1
Created May 19, 2023 17:08 — forked from MHaggis/Scan-LOLDrivers.ps1
it works - but use with caution :) it's a bit noisy and I think it's broken
function Scan-LOLDrivers {
param(
[Parameter(Mandatory = $true)]
[string]$path
)
Add-Type -TypeDefinition @"
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
@IISResetMe
IISResetMe / Set-ADPrincipalRedirection.ps1
Created November 22, 2022 14:35
Quick and dirty function to affect the same changes as redircmp.exe and redirusr.exe
function Set-ADPrincipalRedirection {
param(
[Parameter(Mandatory)]
$Domain,
[string]
$ComputersOU,
[string]
$UsersOU
function ConvertFrom-WildcardPattern {
param(
[Parameter(Mandatory, ValueFromPipeline)]
[WildcardPattern]$InputObject
)
begin {
$pctrProp = [WildcardPattern].
GetMember('PatternConvertedToRegex', [Reflection.BindingFlags]'NonPublic, Instance')
}
@IISResetMe
IISResetMe / Get-ADCertificateAuthority.ps1
Last active March 23, 2022 17:52 — forked from awakecoding/Get-ADCertificateAuthority.ps1
Get-ADCertificateAuthority.ps1
$ConfigurationDN = $([ADSI]"LDAP://RootDSE").ConfigurationNamingContext;
$SearchRoot = "LDAP://CN=Enrollment Services,CN=Public Key Services,CN=Services,$ConfigurationDN"
$SearchFilter = "(objectCategory=pkiEnrollmentService)"
foreach($CAEnrollService in (New-Object adsiSearcher([ADSI]$SearchRoot,$SearchFilter)).FindAll()){
$serviceProperties = [ordered]@{}
foreach($propName in 'Name CN DnsHostName'.Split()){
$serviceProperties[$propName] = $CAEnrollService.Properties[$propName] |Select -First 1
}
Get-PSReadLineOption |Get-Content -LiteralPath { $_.HistorySavePath } |ForEach-Object {
if($_.EndsWith('`')){
$last += "{0}`r`n" -f $_.Remove($_.Length - 1)
}else{
"${last}${_}"
$last = $null
}
} |Where-Object {$_ -like '*::*'} |ForEach-Object {
# parse history entry as powershell script
using namespace System.Reflection
using namespace System.Reflection.Emit
using namespace System.Runtime.CompilerServices
# We'll attempt to construct a subset of the functionality of:
# public record TestRecord(int M1, string M2);
#
# Namely, we'll generate:
# - property getters (`get_M1()`, `get_M2()`),
# - a public constructor (`TestRecord(int, int);`),
function target {
param($Caller = $((Get-PSCallStack)[0].Command))
"'$Caller' called!"
}
function volunteerID {
target -Caller $MyInvocation.MyCommand
}
@IISResetMe
IISResetMe / Find-VulnerableSchemas.ps1
Last active January 12, 2024 14:14
Find-VulnerableSchemas.ps1
# Dictionary to hold superclass names
$superClass = @{}
# List to hold class names that inherit from container and are allowed to live under computer object
$vulnerableSchemas = [System.Collections.Generic.List[string]]::new()
# Resolve schema naming context
$schemaNC = (Get-ADRootDSE).schemaNamingContext
# Enumerate all class schemas
using namespace System.Collections
function flatten
{
param(
[IDictionary]$Dictionary,
[string]$KeyDelimiter = ':'
)
$newDict = @{}