# A basic script for uninstalling app packages in Windows 10/11, including those pre-installed with Windows
#
# Note: If you get an error about the script not being allowed to run, the below command will change the execution policy temporarily for one session only:
# Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process
#
# To execute the script, open a PowerShell window to the directory with the script and run the following command using your script's file name (and don't forget the .\ )
# .\WhateverScriptName.ps1
# -------------------------------------------------------------------------------------------
# Script by ThioJoe - https://github.com/ThioJoe
<#
Meta
Date: 2022 June 30th
Authors: Dray Agha (Twitter @purp1ew0lf)
Company: Huntress Labs
Purpose: Automate setting up Sysmon with Florian Roth's ruleset.
Sysmon log can be found in C:\windows\System32\winevt\Logs\Microsoft-Windows-Sysmon%4Operational.evtx
#>
function admin_check{
accesschk -w -s -u Users "C:\Program Files" >> programfiles.txt
accesschk -w -s -u Everyone "C:\Program Files" >> programfiles.txt
accesschk -w -s -u "Authenticated Users" "C:\Program Files" >> programfiles.txt
accesschk -w -s -u Interactive "C:\Program Files" >> programfiles.txt
accesschk -w -s -u "This Organization" "C:\Program Files" >> programfiles.txt
accesschk -w -s -u "Authentication authority asserted identity" "C:\Program Files" >> programfiles.txt
accesschk -w -s -u "Mandatory Label\Medium Mandatory Level" "C:\Program Files" >> programfiles.txt
accesschk -w -s -u %username% "C:\Program Files" >> programfiles.txt
accesschk -w -s -u Users "C:\Program Files (x86)" >> programfilesx86.txt