Josh Rickard MSAdministrator

View PSAttck.psm1
$methods = @('Get-AttckTool', 'Get-AttckTechnique', 'Get-AttckTactic', 'Get-AttckMitigation', 'Get-AttckMalware', 'Get-AttckActor')
foreach ($method in $methods){
$properties = @('Name', 'Id')
foreach ($prop in $properties){
${"($method)NameScriptBlock"} = {
param($commandName, $parameterName, $wordToComplete, $commandAst, $fakeBoundParameters)
(& $method)."$prop".ForEach({
@MSAdministrator
MSAdministrator / download_malware_samples.py
Created Jan 7, 2022
Download Malicious Files from malware-traffic-analysis.net
View download_malware_samples.py
import os
import requests
from bs4 import BeautifulSoup
import time
import re
import io
from zipfile import ZipFile
EXTENSION_LIST = [
MSAdministrator / Phishing.md
Last active Sep 22, 2020
Night Time Readings of Phishing Emails
View Phishing.md
MSAdministrator / mitre_att&ck_json_data_format_explanation.md
Created Mar 1, 2020
Explanation of the MITRE ATT&CK Data Format
View mitre_att&ck_json_data_format_explanation.md

MITRE ATT&CK Data Format

The MITRE ATT&CK JSON file is a flat JSON structure that is difficult to parse. There are several approaches to parsing it, but the `type` key of each object is the key to the whole structure.

The types within this JSON are the following (as well as the common wording used for this type):

  • attack-pattern (Techniques)
  • relationship (This is a unique type that contains relationships between types)
  • course-of-action (Mitigations)
  • identity (unused)
MSAdministrator / iranian_apit_groups_possible_commands.md
Last active Oct 6, 2022
Iranian APT Groups & Possible Commands Used By These Groups
View iranian_apit_groups_possible_commands.md

Overview

The following content is generated using a preview release of Swimlane's pyattck.

This snippet of data is scoped to the following actor groups:

  • APT33
  • APT34
  • APT39
  • Charming Kitten
MSAdministrator / Confirm-DateTimeFormatPattern.ps1
Created Feb 11, 2018
Confirm if a date time format pattern is valid or not
View Confirm-DateTimeFormatPattern.ps1
<#
.Synopsis
Confirm if a date time format pattern is valid or not
.DESCRIPTION
Confirm if a date time format pattern is valid or not
based on the current culture of the machine that this function
is being run on
.EXAMPLE 1
View Get-TargetedWinEvent.ps1
function Get-TargetedWinEvent {
<#
.SYNOPSIS
Searches Windows logs for events related to specific Event IDs or EventData.Data values
.DESCRIPTION
Searches Windows logs for events related to specific Event IDs or EventData.Data values
Supports searching offline/exported evt/evtx files as well as online machines
.PARAMETER SearchTerm
EventData.Data property value to search for
View Convert-SabaToCampus.ps1
<#
.Synopsis
This function will convert a Saba CSV for University Campus
.DESCRIPTION
This function will import a CSV, modify the values, and export it to a new CSV.
We rename the following headers:
Person EMPID to EMPID
Completed Courses (Transcript) Ended/Completed On Date to Completed On Date
Course Course ID to Course ID
.EXAMPLE
View Convert-SabaToCampus2ndIssue.ps1
<#
.Synopsis
This function will convert a Saba CSV for University Campus
.DESCRIPTION
This function will import a CSV, modify the values, and export it to a new CSV.
We rename the following headers:
Person EMPID to EMPID
Completed Courses (Transcript) Ended/Completed On Date to Completed On Date
Course Course ID to Course ID
.EXAMPLE