Jim Wolff JimWolff

  • CYBER1UP ApS
  • Denmark
JimWolff / ps-to-bash-cheatsheet.md
Last active April 26, 2023 20:21
PowerShell to Bash equivalent cheatsheet
| PowerShell Command | PowerShell Shorthand | Bash Equivalent |
| --- | --- | --- |
| `Get-ChildItem -Path "/path/to/directory" -File -Force -Recurse` | `gci -Path "/path/to/directory" -File -Force -Recurse` | `ls -Rap /path/to/directory \| grep -v /$` |
| `Select-String -Pattern "search-pattern" -Path "/path/to/files/*"` | `sls "search-pattern" "/path/to/files/*"` | `grep "search-pattern" /path/to/files/*` |
| `ForEach-Object { $_.Property }` | `% { $_.Property }` | ` |
| `Get-Content -Path "/path/to/file"` | `gc "/path/to/file"` | `cat /path/to/file` |
| `Set-Content -Path "/path/to/file" -Value "content"` | `sc "/path/to/file" "content"` | `echo "content" > /path/to/file` |
| `New-Item -ItemType "file" -Path "/path/to/file"` | `ni -ItemType "file" -Path "/path/to/file"` | `touch /path/to/file` |
| `New-Item -ItemType "directory" -Path "/path/to/directory"` | `ni -ItemType "directory" -Path "/path/to/directory"` | `mkdir /path/to/directory` |
| `Remove-Item -Path "/path/to/file"` | | |
JimWolff / bpp_2018-08-16_tls1.2only.ictpl
Last active August 17, 2018 07:50
IISCrypto template for pre-Windows Server 2016, restricts protocol use to TLS 1.2. Broader support version located here: https://gist.github.com/JimWolff/f6969253fb23744ea2bfae57d8b990b1 (template used in autofix security script here: https://gist.github.com/JimWolff/fc35d863db8971b2a73c96f90c5002e4)
<?xml version="1.0" encoding="utf-16"?>
<iisCryptoTemplate xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="0">
<header>
<name>BestPracticePlus_Pre2016Server_tls1.2only</name>
<author>Jim Wolff</author>
<lastUpdated>2018-08-16T04:46:36.849556Z</lastUpdated>
<description>Follows best practise, but also removed weak ciphers that might still be enabled.</description>
<builtIn>false</builtIn>
</header>
<schannel setClientProtocols="true">
JimWolff / bbp_http2fs_tls1.2only_win2k16-2018-04-18.ictpl
Last active April 18, 2018 09:35
IISCrypto template for enabling HTTP/2 on Windows Server 2016, restricts protocol use to TLS 1.2 to achieve a grade A+ on the Qualys server test when HSTS is enabled. Broader support version located here: https://gist.github.com/JimWolff/d8ea8ee58360f75c9283c6d74165774b (this template is used in my autofix ssl script here: https://gist.github.com/JimW…
<?xml version="1.0" encoding="utf-16"?>
<iisCryptoTemplate xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="0">
<header>
<name>Best Practise (restricted to TLS1.2), prioritize HTTP/2, FS</name>
<author>Jim Wolff</author>
<lastUpdated>2018-04-18T10:45:11.0463186Z</lastUpdated>
<description>Using best practises, but TLS_ECDHE_ECDSA is prioritesed because its needed for http/2 not to use blacklisted cipher suites, prioriteses suites to ensure FS, uses TLS1.2 only to achieve a grade A+ on IIS in win2k16 with HSTS enabled.</description>
<builtIn>false</builtIn>
</header>
<schannel setClientProtocols="true">
JimWolff / bbp_http2fs_win2k16-2018-03-12.ictpl
Last active November 19, 2020 10:09
IISCrypto template optimized for Windows Server 2016 to enable HTTP/2 and disable blacklisted cipher suites, plus updated with newest weak ciphers disabled (this template is used in my autofix ssl script here: https://gist.github.com/JimWolff/fc35d863db8971b2a73c96f90c5002e4 )
<?xml version="1.0" encoding="utf-16"?>
<iisCryptoTemplate xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="0">
<header>
<name>Best Practice, prio HTTP/2, FS</name>
<author>Jim Wolff</author>
<lastUpdated>2018-03-12T12:45:11.0463186Z</lastUpdated>
<description>Using best practises, but TLS_ECDHE_ECDSA is prioritesed because its needed for http/2 not to use blacklisted cipher suites, prioriteses suites to ensure FS</description>
<builtIn>false</builtIn>
</header>
<schannel setClientProtocols="true">
JimWolff / bpp_2018-03-12.ictpl
Last active August 17, 2018 07:50
IISCrypto template file, best practice with removal of newest ciphers determined weak by Qualys SSL Labs
<?xml version="1.0" encoding="utf-16"?>
<iisCryptoTemplate xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="0">
<header>
<name>BestPracticePlus_Pre2016Server</name>
<author>Jim Wolff</author>
<lastUpdated>2018-03-12T12:45:51.3047731Z</lastUpdated>
<description>Follows best practise, but also removed weak ciphers that might still be enabled.</description>
<builtIn>false</builtIn>
</header>
<schannel setClientProtocols="true">
JimWolff / iota generator.linq
Last active February 1, 2018 09:03
This C# code is supposed to be used with LINQPad, which is free to download at https://www.linqpad.net/. You can also use the source with any IDE/compiler that speaks C# (although the .Dump() command used is LINQPad-specific and should be switched to something like Console.WriteLine() when using something like Visual Studio Code).
// its open source so any comments on the security or anything else is welcome, provided free of charge, but use this piece of code at your own risk, i am not liable for any damages.
const bool useRealRandom = true;
Random globalRand = new Random(); // non true-random function.
//using System.Net
void Main()
{
// user configurable values
// numberOfTimesToScramble shouldn't really make things "more random" since the time seed already makes it random, but i just want to provide several "knobs" for users to turn, to make it different for each user.
const int numberOfTimesToScramble = 13; // 1 or above.
const int minChunkSize = 4; // recommended 3-7
JimWolff / bbp_http2fs_win2k16-20-06-2017.ictpl
Last active April 18, 2018 08:08
IISCrypto template optimized for Windows Server 2016 to enable HTTP/2 and disable blacklisted cipher suites. (This script is deprecated; please refer to: https://gist.github.com/JimWolff/d8ea8ee58360f75c9283c6d74165774b )
<?xml version="1.0" encoding="utf-16"?>
<iisCryptoTemplate xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="0">
<header>
<name>Best Practice, prio HTTP/2, FS</name>
<author>Jim Wolff</author>
<lastUpdated>2017-06-20T23:12:11.0463186Z</lastUpdated>
<description>Using best practises, but TLS_ECDHE_ECDSA is prioritesed because its needed for http/2 not to use blacklisted cipher suites, prioriteses suites to ensure FS</description>
<builtIn>false</builtIn>
</header>
<schannel setClientProtocols="true">
JimWolff / TailNewestFileInDir
Last active May 27, 2022 22:36
PowerShell script that gets the tail of the newest file in the current directory and waits for more content; good for looking at the newest log file in a directory.
cls;$a=gci -Path "$(Get-Location)\*" -Include *.txt,*.log|sort LastAccessTime -Desc|select -f 1;$host.UI.RawUI.WindowTitle=$a.FullName;gc $a.FullName -Tail 10 -Wait
JimWolff / FixSSLSecurity.ps1
Last active March 22, 2021 04:31
Downloads the IISCrypto CLI and uses a custom template based on best practice to fix SSL security on servers; enables HTTP/2 on win2k16 server and grade A+ in the Qualys SSL server test if using the TLS 1.2 only template.
# 2018-08-17 reintroduced templates for 2012 with ciphers: 0x9C, 0x9D they are considered weak, but are the only AEAD ciphers available for 2012 atm.
# updated 2018-08-16 with some extra steps like enabling OCSP for SNI, added TLS1.2 only option for pre win2k16 aswell, added check to see if HTTP/2 was disabled.
if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Write-Host "Starting as administrator and using Bypass ExecutionPolicy.";Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit }
# Go to a location we have write access to.
Set-Location ~\Downloads
# Global variables and settings.
[System.Net.ServicePointManager]::SecurityProtocol = 192 -bor 768 -bor 3072 # .Net doesn't enable tls1.1 and 1.2 by default, but can run it as long as .net 4.5 is installed. Which we need to download from sites that only allows tls1.2
$icDownloadUrl = "http:/
JimWolff / bpp_2017-06-19.ictpl
Created June 19, 2017 06:44
IISCrypto template file, best practice "plus", with extra removal of newest ciphers determined weak
<?xml version="1.0" encoding="utf-16"?>
<iisCryptoTemplate xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="0">
<header>
<name>BestPracticePlus_2017-09-19</name>
<author>Jim Wolff</author>
<lastUpdated>2017-06-19T06:34:51.3047731Z</lastUpdated>
<description>Follows best practise, but also removed weak ciphers that might still be enabled.</description>
<builtIn>false</builtIn>
</header>
<schannel setClientProtocols="true">