This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<# | |
Nicholas Leader | |
05/15/2016 | |
Example of using the api.ipify.org API in the JSON format | |
Optional text version of the API would be more straight forward, | |
this demonstrating some manual parsing of the JSON format. | |
JSON format can also be converted to a PowerSHell object via 'convertFrom-Json' cmdlet: | |
(Invoke-WebRequest -URI https://api.ipify.org?format=json) | ConvertFrom-Json | Select-Object |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<# | |
Nicholas Leader | |
05/16/2016 | |
Quick example .NET | |
This is one of the things that makes PowerShell extensible - you can do inline .NET | |
Reference: https://blogs.technet.microsoft.com/heyscriptingguy/2010/10/26/learn-how-to-use-net-framework-commands-inside-windows-powershell/ | |
#> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<# | |
Nicholas Leader | |
05/16/2016 | |
Simple function example | |
In this example I'm showing how input to the function can be validated | |
After running this script a 'Test-name' function will be available, which accepts an argument or parameter | |
Reference: http://mikefrobbins.com/2015/03/31/powershell-advanced-functions-can-we-build-them-better-with-parameter-validation-yes-we-can/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<# | |
Nicholas Leader | |
05/18/2016 | |
Example of parsing of a Windows Event log, then writing to the host and a log file if a certain eventID detected | |
#> | |
## requires section Reference: http://serverfault.com/a/676573/355259 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<# | |
Nicholas Leader | |
05/18/2016 | |
Example of using the 'AWS Tools For Windows PowerShell' : http://docs.aws.amazon.com/powershell/latest/userguide/pstools-welcome.html | |
In this example I'm doing a very simple audit to see which users (IAM users) were created in the last week. | |
This script requires AWS Tools to be installed locally. Amazon has an MSI on their website. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<# Nicholas Leader 2018 | |
Custom filter on the AV agent report | |
make sure file in CSV format | |
12.03.2018 - made the date filtering more extensible (not hard coded), grabs last 3 calender months with current month | |
#> | |
$filePath = "Example_file_path.csv" | |
### formats the dates to similar formats as what's contained in the spreasheet |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<# | |
Nicholas Leader | |
09.08.2018 | |
Merging 2 sets of data with compare-object lookup. | |
List of servers and adding columns to the CSV from a AV CSV | |
This script returns *all* data elements from both CSVs, rather than just from 1 CSV with compare-object | |
#> | |
#date stamp in string |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### | |
# Nicholas Leader | |
# 8.9.2019 | |
# Check for the presence of HTTP Security headers - CSP or Content-Security-Policy in this example | |
# | |
# Dictionary calling idea from: https://stackoverflow.com/questions/39090323/how-to-check-if-response-header-contains-certain-headers-powershell | |
# | |
### | |
### set Connection to use TLS 1.2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### Nicholas Leader | |
### Python PoC given AWS API query parameter of URL, return if HTTP security header CSP policy is present | |
### Written as AWS Lamda (serverless) function | |
### 8.14.2019 | |
### | |
import json | |
def lambda_handler(event, context): | |
import urllib.request | |
input = event["queryStringParameters"]['URL'] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<# | |
Nicholas Leader | |
9.3.2019 | |
PowerShell PoC to grab the 'CN' common name of the SSL/TLS cert of an IP | |
Script takes an array of IPs as input in the script, but could be modified to pull from a CSV, etc | |
Script is leveraging 'Invoke-Command' to run an NMAP script | |
Using 'Select-string' to pull the relevent line of the NMAP script output | |
Requires: |
OlderNewer