Boyd Fields boydfields
@echo off
DISM > nul 2>&1 || echo error: administrator privileges required >&2 && exit /b 1
where xperf.exe > nul 2>&1
if not %errorlevel% == 0 (
echo error: xperf not found in path. install "Windows Performance Toolkit" in the ADK from the link below >&2
echo https://learn.microsoft.com/en-us/windows-hardware/get-started/adk-install
exit /b 1
)
boydfields / FixRealtekPoppingSound.ps1
Created February 13, 2024 05:24 — forked from supermarsx/FixRealtekPoppingSound.ps1
Fix popping sound on some Realtek sound cards, realtek audio crackling patch
# Enable Realtek driver power management, this is the default value
REG ADD "HKCU\Software\Realtek\RAVCpl64\PowerMgnt" /v "Enabled" /t REG_DWORD /d 1 /f
# Disable Realtek driver power management, sometimes fixes realtek popping sound
REG ADD "HKCU\Software\Realtek\RAVCpl64\PowerMgnt" /v "Enabled" /t REG_DWORD /d 0 /f
# Replace XXXX with the corresponding key that has "Realtek" in the "DriverDesc", find using regedit
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}\XXXX\PowerSettings" /v "IdlePowerState" /t REG_BINARY /d "ffffffff" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}\XXXX\PowerSettings" /v "PerformanceIdleTime" /t REG_BINARY /d "ffffffff" /f
# Example if class is in 0000
boydfields / Clean.ps1
Created February 11, 2024 06:13 — forked from ave9858/Clean.ps1
function UninstallLicenses($DllPath) {
$TB = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2).DefineType(0)
[void]$TB.DefinePInvokeMethod('SLOpen', $DllPath, 22, 1, [int], @([IntPtr].MakeByRefType()), 1, 3)
[void]$TB.DefinePInvokeMethod('SLGetSLIDList', $DllPath, 22, 1, [int],
@([IntPtr], [int], [Guid].MakeByRefType(), [int], [int].MakeByRefType(), [IntPtr].MakeByRefType()), 1, 3).SetImplementationFlags(128)
[void]$TB.DefinePInvokeMethod('SLUninstallLicense', $DllPath, 22, 1, [int], @([IntPtr], [IntPtr]), 1, 3)
$SPPC = $TB.CreateType()
$Handle = 0
boydfields / Error-Lookup-Tool-Friendly.bat
Created January 13, 2024 16:34 — forked from ThioJoe/Error-Lookup-Tool-Friendly.bat
Error Lookup Tool Friendly Output
@echo off
:: Note: Lines beginning with "REM" or :: are comments
:: Script by: https://github.com/thiojoe
:: Purpose: Creates a much more user friendly output for the Microsoft Error Lookup Tool (err.exe). It parses the original output and modifies the text.
:: Usage: Just call the batch file with command prompt along with the error code the same as you would with err.exe
:: Example: error.bat 50
:: Recommended to rename this script to something shorter like 'error.bat'. Must be next to the lookup tool exe file.
rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!!
rem https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference
rem To also disable Windows Defender Security Center include this
rem reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f
rem 1 - Disable Real-time protection
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
boydfields / New-BitLockerVhdx.ps1
Created July 2, 2023 05:01 — forked from JaekelEDV/New-BitLockerVhdx.ps1
New-BitLockerVhdx.ps1
#New-BitLockerVhdx.ps1, create a vhdx, enable BitLocker.
#->Share encrypted data between machines (mount, attach to VMs) and peers (vhdx->Stick)
#All with Windows standard tools.
throw "Nope. This is no script, just a bunch of cmdlets."
#Create a new vhdx
New-VHD -Path .\sec.vhdx -SizeBytes 1GB -Fixed
#Mount the vhdx
boydfields / lapsv2_decryptor.py
Created May 20, 2023 01:47 — forked from zblurx/lapsv2_decryptor.py
Simple script to extract local admin password in cleartext with LAPSv2 using impacket
import argparse
import typing
import math
from uuid import UUID
from pyasn1.codec.der import decoder
from pyasn1_modules import rfc5652
from struct import unpack
from cryptography import utils
from cryptography.exceptions import AlreadyFinalized, InvalidKey
from cryptography.hazmat.primitives.kdf import KeyDerivationFunction
@echo off &Title 'Close Handles' context menu to unlock files or folders by AveYo v2019.09.27
:: changelog: fix dl; add /accepteula; check S-1-5-19 for admin; ask for admin rights to catch system handles; auto-hide window
:: add_remove whenever script is run again
reg query "HKCU\Software\Classes\Directory\shell\CloseHandles" /v MuiVerb >nul 2>nul && (
reg delete HKCU\Software\Classes\Directory\shell\CloseHandles /f >nul 2>nul
reg delete HKCU\Software\Classes\Drive\shell\CloseHandles /f >nul 2>nul
reg delete HKCU\Software\Classes\*\shell\CloseHandles /f >nul 2>nul
color 0c &echo. &echo REMOVED! Run script again to add 'Close Handles' context menu
timeout /t -1 &color 0f &title %COMSPEC% &exit/b
boydfields / ExtractAllScripts.ps1
Created January 31, 2023 03:41 — forked from vikas891/ExtractAllScripts.ps1
A PowerShell script to re-construct a suspicious .PS1 from script-blocks recorded in Event ID 4104
#Usage:
#
#NOTE: Remember to include the path to Microsoft-Windows-PowerShell%4Operational.evtx below.
#
#C:\>ExtractAllScripts.ps1
#The default behavior of the script is to assimilate and extract every script/command to disk.
#
#C:\ExtractAllScripts -List
#This will only list Script Block IDs with associated Script Names(if logged.)
#