This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@echo off | |
DISM > nul 2>&1 || echo error: administrator privileges required >&2 && exit /b 1 | |
where xperf.exe > nul 2>&1 | |
if not %errorlevel% == 0 ( | |
echo error: xperf not found in path. install "Windows Performance Toolkit" in the ADK from the link below >&2 | |
echo https://learn.microsoft.com/en-us/windows-hardware/get-started/adk-install | |
exit /b 1 | |
) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Enable Realtek driver power management, this is the default value | |
REG ADD "HKCU\Software\Realtek\RAVCpl64\PowerMgnt" /v "Enabled" /t REG_DWORD /d 1 /f | |
# Disable Realtek driver power management, sometimes fixes realtek popping sound | |
REG ADD "HKCU\Software\Realtek\RAVCpl64\PowerMgnt" /v "Enabled" /t REG_DWORD /d 0 /f | |
# Replace XXXX with the corresponding key that has "Realtek" in the "DriverDesc", find using regedit | |
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}\XXXX\PowerSettings" /v "IdlePowerState" /t REG_BINARY /d "ffffffff" /f | |
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}\XXXX\PowerSettings" /v "PerformanceIdleTime" /t REG_BINARY /d "ffffffff" /f | |
# Example if class is in 0000 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function UninstallLicenses($DllPath) { | |
$TB = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2).DefineType(0) | |
[void]$TB.DefinePInvokeMethod('SLOpen', $DllPath, 22, 1, [int], @([IntPtr].MakeByRefType()), 1, 3) | |
[void]$TB.DefinePInvokeMethod('SLGetSLIDList', $DllPath, 22, 1, [int], | |
@([IntPtr], [int], [Guid].MakeByRefType(), [int], [int].MakeByRefType(), [IntPtr].MakeByRefType()), 1, 3).SetImplementationFlags(128) | |
[void]$TB.DefinePInvokeMethod('SLUninstallLicense', $DllPath, 22, 1, [int], @([IntPtr], [IntPtr]), 1, 3) | |
$SPPC = $TB.CreateType() | |
$Handle = 0 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@echo off | |
:: Note: Lines beginning with "REM" or :: are comments | |
:: Script by: https://github.com/thiojoe | |
:: Purpose: Creates a much more user friendly output for the Microsoft Error Lookup Tool (err.exe). It parses the original output and modifies the text. | |
:: Usage: Just call the batch file with command prompt along with the error code the same as you would with err.exe | |
:: Example: error.bat 50 | |
:: Recommended to rename this script to something shorter like 'error.bat'. Must be next to the lookup tool exe file. | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!! | |
rem https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference | |
rem To also disable Windows Defender Security Center include this | |
rem reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f | |
rem 1 - Disable Real-time protection | |
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f | |
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f | |
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f | |
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f | |
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#New-BitLockerVhdx.ps1, create a vhdx, enable BitLocker. | |
#->Share encrypted data between machines (mount, attach to VMs) and peers (vhdx->Stick) | |
#All with Windows standard tools. | |
throw "Nope. This is no script, just a bunch of cmdlets." | |
#Create a new vhdx | |
New-VHD -Path .\sec.vhdx -SizeBytes 1GB -Fixed | |
#Mount the vhdx |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import argparse | |
import typing | |
import math | |
from uuid import UUID | |
from pyasn1.codec.der import decoder | |
from pyasn1_modules import rfc5652 | |
from struct import unpack | |
from cryptography import utils | |
from cryptography.exceptions import AlreadyFinalized, InvalidKey | |
from cryptography.hazmat.primitives.kdf import KeyDerivationFunction |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Usage: | |
# | |
#NOTE: Remember to include the path to Microsoft-Windows-PowerShell%4Operational.evtx below. | |
# | |
#C:\>ExtractAllScripts.ps1 | |
#The default behavior of the script is to assimilate and extract every script/command to disk. | |
# | |
#C:\ExtractAllScripts -List | |
#This will only list Script Block IDs with associated Script Names(if logged.) | |
# |