@c3rberus
c3rberus / CreateDateDimensionWithFiscals.sql
Created April 19, 2023 02:23 — forked from jrgcubano/CreateDateDimensionWithFiscals.sql
A SQL script to create a Date dimension table with logic to specify fiscal dates.
BEGIN TRY
DROP TABLE [Dim].[Date]
END TRY
BEGIN CATCH
/*No Action*/
END CATCH
CREATE TABLE [Dim].[Date]
(
@c3rberus
c3rberus / winlogbeats.yml
Created February 4, 2023 05:09 — forked from ecapuano/winlogbeats.yml
Tuned and curated Winlogbeats config file
# A retired winlogbeats config maintained by the Recon InfoSec SOC
# contains most of the higher-value events needed for detection and response
# should be tuned for your specific environment and log volume tolerance
winlogbeat.event_logs: # Global Event Logs Config
- name: Security
ignore_older: 24h
processors:
- script:
when.equals.winlog.channel: Security
@c3rberus
c3rberus / windows_hardening.cmd
Created December 1, 2022 00:12 — forked from mackwage/windows_hardening.cmd
Script to perform some hardening of Windows OS
:: Windows 10 Hardening Script
:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run this on the computers of family members to secure them but not increase the chances of them having to call you to troubleshoot something related to it later on.) References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups, but they're worth considering.
:: Obligatory 'views are my own'. :)
:: Thank you @jaredhaight for the Win Firewall config recommendations!
:: Thank you @ricardojba for the DLL Safe Order Search reg key!
:: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings!
:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
:
@c3rberus
c3rberus / asr-log-parser.ps1
Created November 22, 2022 03:33 — forked from cfalta/asr-log-parser.ps1
Parses audit/block events from the Windows Defender Attack Surface Reduction rules into PowerShell objects for easier troubleshooting during rollout
$ASRGuidMatrix = @{'56a863a9-875e-4185-98a7-b882c64b5ce5' ='Block abuse of exploited vulnerable signed drivers';
'7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c' = 'Block Adobe Reader from creating child processes';
'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block all Office applications from creating child processes';
'9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from the Windows local security authority subsystem (lsass.exe)';
'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' = 'Block executable content from email client and webmail';
'01443614-cd74-433a-b99e-2ecdc07bfc25' = 'Block executable files from running unless they meet a prevalence, age, or trusted list criterion';
'5beb7efe-fd9a-4556-801d-275e5ffc04cc'='Block execution of potentially obfuscated scripts';
'd3e037e1-3eb8-44c8-a917-57927947596d'='Block JavaScript or VBScript from launching downloaded executable content';
'3b576869-a4ec-4529-8536-b80a7769e899'='Block Office applications from creating executable content';
'75668c1f-73b5-4cf0-bb93-3ecf5
@c3rberus
c3rberus / runas.ps1
Created November 1, 2022 01:11
runas administrator in headless Windows server
runas /user:acme\administrator "cmd.exe /C powershell.exe"
@c3rberus
c3rberus / robocopy.ps1
Created November 1, 2022 01:09
Robocopy Mirroring Directory and Permissions
#To do a mirror operation and properly copy the file and folder permissions, use the /sec and /secfix commands. The /sec command will copy the file security over for changed files, while the /secfix command will update the security for unchanged files.
#By combining these commands with /mir you will effectively mirror all of the files, folders, and permissions from a source directory to a destination.
robocopy D:\Source\ D:\Destination /mir /sec /secfix /v /log:copy.log
@c3rberus
c3rberus / nps_event_logs.ps1
Last active November 1, 2022 01:13
Enable NPS Authentication logging in Windows Event Log
auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable

Keybase proof

I hereby claim:

  • I am c3rberus on github.
  • I am c3rberus (https://keybase.io/c3rberus) on keybase.
  • I have a public key ASDGQHTuKzJP-3ynJ2wRGKQpcp0sFH1R8CgsmlkSbb0f4Ao

To claim this, I am signing this object:

@c3rberus
c3rberus / Resize virtual machine partition.md
Created November 10, 2020 19:23 — forked from HugoPoi/Resize virtual machine partition.md
How to resize a virtual machine partition after extending the disk

Resize a VM system disk

Introduction

  • You have a VM with a small disk
  • You have a GPT partition table
  • You do NOT use LVM (you should)
  • You need to extend a partition on the main drive
  • You use Debian 8.x, aka Jessie

Extend the disk

@c3rberus
c3rberus / CreateDateDimensionWithFiscals.sql
Created October 30, 2020 23:22 — forked from cgibson-dev/CreateDateDimensionWithFiscals.sql
A SQL script to create a Date dimension table with logic to specify fiscal dates.
BEGIN TRY
DROP TABLE [Dim].[Date]
END TRY
BEGIN CATCH
/*No Action*/
END CATCH
CREATE TABLE [Dim].[Date]
(