Skip to content

Instantly share code, notes, and snippets.

View JaekelEDV's full-sized avatar
🎯
Focusing

@JaekelEDV JaekelEDV

🎯
Focusing
29 followers · 74 following
View GitHub Profile
@exp0se
exp0se / powershell_eventlog_parsing.ps1
Last active July 21, 2024 21:36
Powershell log parsing
#Security log
#============
####
#4624 - Logon & Logoff events successful
#4625 - Logon unsucceful
####
# Get usernames
Get-WinEvent -path .\Security.evtx | Where {$_.id -eq "4624"} | Foreach {([xml]$_.ToXml()).GetElementsByTagName("Data").ItemOf(5)}| Select -ExpandProperty "#text" -Unique
# Get domains
@exp0se
exp0se / logparser.ps1
Created March 13, 2016 09:22
Logparser log parsing
# Logparser
###############
# Security Log
###############
# Find Event id
& 'C:\Program Files (x86)\Log Parser 2.2\LogParser.exe' -stats:OFF -i:EVT "SELECT * FROM 'Security.evtx' WHERE EventID = '5038'"
@LawrenceHwang
LawrenceHwang / get-tasklist.ps1
Last active September 9, 2019 21:22
<#
.Synopsis
A wrapper for the tasklist /v /s COMPUTERNAME
.DESCRIPTION
This is a wrapper for the tasklist command. In the case PowerShell remoting is not available, this cmdlet would be useful to gather the process infromation.
#>
function Get-Tasklist
{
[CmdletBinding()]
@indented-automation
indented-automation / Get-InstalledSoftware.ps1
Last active July 27, 2024 14:57
Get-InstalledSoftware
function Get-InstalledSoftware {
<#
.SYNOPSIS
Get all installed from the Uninstall keys in the registry.
.DESCRIPTION
Read a list of installed software from each Uninstall key.
This function provides an alternative to using Win32_Product.
.EXAMPLE
Get-InstalledSoftware
@api0cradle
api0cradle / AccessChk.bat
Last active September 11, 2023 10:17
AppLocker hardening
accesschk -w -s -u Users "C:\Program Files" >> programfiles.txt
accesschk -w -s -u Everyone "C:\Program Files" >> programfiles.txt
accesschk -w -s -u "Authenticated Users" "C:\Program Files" >> programfiles.txt
accesschk -w -s -u Interactive "C:\Program Files" >> programfiles.txt
accesschk -w -s -u "This Organization" "C:\Program Files" >> programfiles.txt
accesschk -w -s -u "Authentication authority asserted identity" "C:\Program Files" >> programfiles.txt
accesschk -w -s -u "Mandatory Label\Medium Mandatory Level" "C:\Program Files" >> programfiles.txt
accesschk -w -s -u %username% "C:\Program Files" >> programfiles.txt
accesschk -w -s -u Users "C:\Program Files (x86)" >> programfilesx86.txt
@kevinblumenfeld
kevinblumenfeld / Types.md
Last active July 9, 2024 14:11

Credit: Mark Kraus
Website: https://get-powershellblog.blogspot.com

Collection Type Guidence

When to use what

  • Use Arrays if you know the element types and have a fixed length and/or known-up-front collection size that will not change.
  • Use ArrayList if you have an unkown collection size with either unknown or mixed type elements.
  • Use a Generic List when know the type of the elements but not the size of the collection.
  • Use a HashTable if you are going to do key based lookups on a collection and don't know the object type of the elements.
  • Use a Dictionary<TKey, TValue> you are going to do key based lookups on a collection and you know the type of the elements.
  • Use a HashSet when you know the type of elements and just want unique values and quick lookups and assignmnets.
@wdormann
wdormann / acltest.ps1
Created May 1, 2018 15:20
Check for paths that are writable by normal users, but are in the system-wide Windows path. Any such directory allows for privilege escalation.
If (([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
Write-Warning "This script will not function with administrative privileges. Please run as a normal user."
Break
}
$outfile = "acltestfile"
set-variable -name paths -value (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).path.Split(";")
Foreach ($path in $paths) {
# This prints a table of ACLs
# get-acl $path | %{ $_.Access } | ft -Wrap -AutoSize -property IdentityReference, AccessControlType, FileSystemRights
@mdowst
mdowst / Search-PSScripts.ps1
Last active November 29, 2018 20:53
A PowerShell function usedto search the text inside PowerShell scripts for a particular string
Function Search-PSScripts{
<#
.SYNOPSIS
Use to search the text inside PowerShell scripts for a particular string
.PARAMETER SearchString
The string to search for inside the script file
.PARAMETER Path
The folder path to search for PowerShell files in. Default to userprofile if not specified.
@Jaykul
Jaykul / About using NerdFonts as named Entities.md
Last active May 24, 2019 22:57
NerdFonts as Entities (thanks to Pansies)

Using Nerd Fonts in PowerShell

I've been recommending people use NerdFonts in their terminals for a while, but using the extra characters ends up being rather a pain. I have to look up characters in their web cheat-sheet, and then I either end up with a whole bunch of "$([char]0xf1ed)$([char]0xf00d)" in my profile scripts, which is impossible to read, or I have to translate the hex to decimal so I can type the ALT codes in my editor...

So today I fixed it, using PANSIES (the PowerShell ANSI Escape Sequences module).

PANSIES has &entities;

In PANSIES output (i.e. via the Write-Host, or by using New-Text in a string), you can embed named entities like in html. But unlike HTML, Pansies entities are extensible. So I wrote a little script to re-use the css names for the nerd-font characters and generate entities.

@TarlogicSecurity
TarlogicSecurity / kerberos_attacks_cheatsheet.md
Created May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module: