Josh Rickard MSAdministrator

MSAdministrator / Phishing.md
Last active Sep 22, 2020
Night Time Readings of Phishing Emails
View Phishing.md
MSAdministrator / mitre_att&ck_json_data_format_explanation.md
Created Mar 1, 2020
Explanation of the MITRE ATT&CK Data Format
View mitre_att&ck_json_data_format_explanation.md

MITRE ATT&CK Data Format

The MITRE ATT&CK JSON file is a flat JSON structure, which makes it difficult to parse. There are several different approaches to parsing this JSON file, but the type key is the, well, key!

The types within this JSON are the following (along with the common term used for each type):

  • attack-pattern (Techniques)
  • relationship (This is a unique type that contains relationships between types)
  • course-of-action (Mitigations)
  • identity (unused)
MSAdministrator / iranian_apit_groups_possible_commands.md
Last active Oct 15, 2020
Iranian APT Groups & Possible Commands Used By These Groups
View iranian_apit_groups_possible_commands.md

Overview

The following content is generated using a preview release of Swimlane's pyattck.

This snippet of data is scoped to the following actor groups:

  • APT33
  • APT34
  • APT39
  • Charming Kitten
MSAdministrator / Confirm-DateTimeFormatPattern.ps1
Created Feb 11, 2018
Confirm if a date time format pattern is valid or not
View Confirm-DateTimeFormatPattern.ps1
<#
.Synopsis
Confirm if a date time format pattern is valid or not
.DESCRIPTION
Confirm if a date time format pattern is valid or not
based on the current culture on the machine that this function
is being run on
.EXAMPLE 1
View Get-TargetedWinEvent.ps1
function Get-TargetedWinEvent {
<#
.SYNOPSIS
Searches Windows logs for events related to specific Event IDs or EventData.Data values
.DESCRIPTION
Searches Windows logs for events related to specific Event IDs or EventData.Data values
Supports searching offline/exported evt/evtx files as well as online machines
.PARAMETER SearchTerm
EventData.Data property value to search for
View Convert-SabaToCampus.ps1
<#
.Synopsis
This function will convert a Saba CSV for University Campus
.DESCRIPTION
This function will import a CSV, modify the values, and export it to a new CSV.
We rename the following headers:
Person EMPID to EMPID
Completed Courses (Transcript) Ended/Completed On Date to Completed On Date
Course Course ID to Course ID
.EXAMPLE
View Convert-SabaToCampus2ndIssue.ps1
<#
.Synopsis
This function will convert a Saba CSV for University Campus
.DESCRIPTION
This function will import a CSV, modify the values, and export it to a new CSV.
We rename the following headers:
Person EMPID to EMPID
Completed Courses (Transcript) Ended/Completed On Date to Completed On Date
Course Course ID to Course ID
.EXAMPLE
View Setup-NewComputer.ps1
# Set your PowerShell execution policy
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force
function Invoke-ComputerSetup {
[CmdletBinding(DefaultParameterSetName='Parameter Set 1',
SupportsShouldProcess=$true,
PositionalBinding=$false,
View Expand-IPRange.ps1
<#
.Synopsis
A PowerShell function to expand IP Ranges with dashes
.DESCRIPTION
This function will take an array of IP address ranges and
split them out into single IP addresses
.EXAMPLE
Expand-IPRange -Range '192.0.0.1-192.0.0.100','192.0.0.150-192.0.10.1'
.EXAMPLE
Expand-IPRange -Range '192.0.0.1-192.0.0.100','192.0.0.140','172.0.0.1-172.0.1.240'