Skip to content

Instantly share code, notes, and snippets.

View JaekelEDV's full-sized avatar
🎯
Focusing

@JaekelEDV JaekelEDV

🎯
Focusing
29 followers · 74 following
View GitHub Profile
@Flangvik
Flangvik / PKI_Abuse_cheatsheet.md
Last active August 26, 2023 13:22
PKI Abuse CheatSheet
@SMSAgentSoftware
SMSAgentSoftware / Get-CurrentPatchInfo.ps1
Last active February 23, 2024 20:58
Gets the current software update level of a Windows 10/11 workstation and compares with the latest available updates. Can also list all available updates for the current build.
[CmdletBinding()]
Param(
[switch]$ListAllAvailable,
[switch]$ExcludePreview,
[switch]$ExcludeOutofBand
)
$ProgressPreference = 'SilentlyContinue'
Function Get-MyWindowsVersion {
[CmdletBinding()]
@IAmStoxe
IAmStoxe / Remove-TeamsCacheData.ps1
Last active July 30, 2020 12:24
Remove Microsoft Teams cache data automatically.
Remove-Item (Join-Path $env:APPDATA "\Microsoft\Teams\Blob_storage\") -Recurse -Force
Remove-Item (Join-Path $env:APPDATA "\Microsoft\Teams\cache\") -Recurse -Force
Remove-Item (Join-Path $env:APPDATA "\Microsoft\Teams\IndexedDB\") -Recurse -Force
Remove-Item (Join-Path $env:APPDATA "\Microsoft\Teams\databases\") -Recurse -Force
Remove-Item (Join-Path $env:APPDATA "\Microsoft\Teams\GPUCache\") -Recurse -Force
Remove-Item (Join-Path $env:APPDATA "\Microsoft\Teams\Local Storage\") -Recurse -Force
Remove-Item (Join-Path $env:APPDATA "\Microsoft\Teams\tmp\") -Recurse -Force
@csandker
csandker / KerberosDelegation-Checks
Created January 22, 2020 16:17
Kerberos Delegation Checks
PS C:\Users\Clark.Kent\Desktop> ## Unconstrained Delegation
PS C:\Users\Clark.Kent\Desktop> ([adsisearcher]'(userAccountControl:1.2.840.113556.1.4.803:=524288)').FindAll()
Path Properties
---- ----------
LDAP://CN=DC01,OU=Domain Controllers,DC=MonkeyIsland,DC=local {ridsetreferences, logoncount, codepage, objectcategor...
LDAP://CN=HTTPSvc,CN=Users,DC=MonkeyIsland,DC=local {givenname, codepage, objectcategory, dscorepropagatio...
PS C:\Users\Clark.Kent\Desktop> ## Constrained Delegation
@Neo23x0
Neo23x0 / Base64_CheatSheet.md
Last active July 5, 2024 17:29
Learning Aid - Top Base64 Encodings Table

Base64 Patterns - Learning Aid

Base64 Code Mnemonic Aid Decoded* Description
JAB 🗣 Jabber $. Variable declaration (UTF-16), e.g. JABlAG4AdgA for $env:
TVq 📺 Television MZ MZ header
SUVY 🚙 SUV IEX PowerShell Invoke Expression
SQBFAF 🐣 Squab favorite I.E. PowerShell Invoke Expression (UTF-16)
SQBuAH 🐣 Squab uahhh I.n. PowerShell Invoke string (UTF-16) e.g. Invoke-Mimikatz
PAA 💪 "Pah!" <. Often used by Emotet (UTF-16)
@TarlogicSecurity
TarlogicSecurity / kerberos_attacks_cheatsheet.md
Created May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@Jaykul
Jaykul / About using NerdFonts as named Entities.md
Last active May 24, 2019 22:57
NerdFonts as Entities (thanks to Pansies)

Using Nerd Fonts in PowerShell

I've been recommending people use NerdFonts in their terminals for a while, but using the extra characters ends up being rather a pain. I have to look up characters in their web cheat-sheet, and then I either end up with a whole bunch of "$([char]0xf1ed)$([char]0xf00d)" in my profile scripts, which is impossible to read, or I have to translate the hex to decimal so I can type the ALT codes in my editor...

So today I fixed it, using PANSIES (the PowerShell ANSI Escape Sequences module).

PANSIES has &entities;

In PANSIES output (i.e. via the Write-Host, or by using New-Text in a string), you can embed named entities like in html. But unlike HTML, Pansies entities are extensible. So I wrote a little script to re-use the css names for the nerd-font characters and generate entities.

@mdowst
mdowst / Search-PSScripts.ps1
Last active November 29, 2018 20:53
A PowerShell function usedto search the text inside PowerShell scripts for a particular string
Function Search-PSScripts{
<#
.SYNOPSIS
Use to search the text inside PowerShell scripts for a particular string
.PARAMETER SearchString
The string to search for inside the script file
.PARAMETER Path
The folder path to search for PowerShell files in. Default to userprofile if not specified.
@wdormann
wdormann / acltest.ps1
Created May 1, 2018 15:20
Check for paths that are writable by normal users, but are in the system-wide Windows path. Any such directory allows for privilege escalation.
If (([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
Write-Warning "This script will not function with administrative privileges. Please run as a normal user."
Break
}
$outfile = "acltestfile"
set-variable -name paths -value (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).path.Split(";")
Foreach ($path in $paths) {
# This prints a table of ACLs
# get-acl $path | %{ $_.Access } | ft -Wrap -AutoSize -property IdentityReference, AccessControlType, FileSystemRights
@kevinblumenfeld
kevinblumenfeld / Types.md
Last active July 9, 2024 14:11

Credit: Mark Kraus
Website: https://get-powershellblog.blogspot.com

Collection Type Guidence

When to use what

  • Use Arrays if you know the element types and have a fixed length and/or known-up-front collection size that will not change.
  • Use ArrayList if you have an unkown collection size with either unknown or mixed type elements.
  • Use a Generic List when know the type of the elements but not the size of the collection.
  • Use a HashTable if you are going to do key based lookups on a collection and don't know the object type of the elements.
  • Use a Dictionary<TKey, TValue> you are going to do key based lookups on a collection and you know the type of the elements.
  • Use a HashSet when you know the type of elements and just want unique values and quick lookups and assignmnets.