@darkoperator
darkoperator / Get-PsgProcess.ps1
Created December 22, 2019 23:03
Get-PsgProcess
function Get-PsgProcess {
<#
.SYNOPSIS
Query the CIM Object database for a list of processes on a target host.
.DESCRIPTION
Query the CIM Object database for a list of processes on a target host. The function allows for
filtering so as to better target the desired processes.
.EXAMPLE
PS C:\> Get-PsgProcess -CimSession (Get-CimSession -Id 2) -ExecutablePath "C:\\User"
<?xml version="1.0"?>
<command>
<a>
<command>Get-Process</command>
</a>
</command>
@darkoperator
darkoperator / runcalc.js
Created March 30, 2018 01:33
runcalc.js
function RunCalc() {
var shell = WScript.CreateObject("WScript.Shell");
shell.Run("calc.exe");
}
var shell = WScript.CreateObject("WScript.Shell");
shell.Run("calc.exe");
@darkoperator
darkoperator / Invoke-VyOSCommand.ps1
Created June 23, 2017 11:12
Function for Interacting with VyOS using Posh-SSH
<#
.Synopsis
Execute commands against VyOS.
.DESCRIPTION
Execute commands against VyOS using a SSHShellStream.
#>
function Invoke-VyOSCommand
{
[CmdletBinding()]
[Alias()]
<#
.Synopsis
Generate xpath filters for fields on a specified Event Log Entry.
.DESCRIPTION
Parses Event Log Entries to make usable Windows Event log
filtering xpath for Windows Event Filters and Windows Eventlog Forwarding
.EXAMPLE
PS C:\> Get-WinEventBaseXPathFilter -EventId 4624 -LogName security
<Sysmon schemaversion="2.10">
<HashAlgorithms>*</HashAlgorithms>
<CheckRevocation></CheckRevocation>
<EventFiltering>
<ImageLoad onmatch="include">
<ImageLoaded condition="contains">System.Management.Automation.ni.dll</ImageLoaded>
<ImageLoaded condition="contains">System.Management.Automation.dll</ImageLoaded>
</ImageLoad>
<ImageLoad onmatch="exclude">
<Image condition="is">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Image>
@darkoperator
darkoperator / bad.hta
Created May 6, 2016 01:34
examplehta
<Html>
<Head>
<Title>Support Information</Title>
<HTA:Application
Caption = Yes
Border = Thick
ShowInTaskBar = Yes
SingleInstance = Yes
MaximizeButton = No
@darkoperator
darkoperator / dnspsv2srv.ps1
Created May 2, 2016 14:59
example of embedding a dll in a script
# Embed a DLL so as to add the library necessary to perform DNS Queries.
$EncodedCompressedFile = @'
@darkoperator
darkoperator / dg.ps1
Created August 3, 2015 19:31
Device Guard Configuration
# Create a VSS snapshot of C: so the scan sees a consistent view of files that may be locked on the live volume
$s1 = (gwmi -List Win32_ShadowCopy).Create("C:\", "ClientAccessible")
$s2 = gwmi Win32_ShadowCopy | ? { $_.ID -eq $s1.ShadowID }
$d = $s2.DeviceObject + "\"
# Expose the snapshot through a directory symlink so New-CIPolicy has a normal path to scan
cmd /c mklink /d C:\scpy "$d"
# Build the base Code Integrity policy at the root-certificate level, including user-mode binaries
New-CIPolicy -Level RootCertificate -FilePath C:\BasePolicy.xml -ScanPath C:\scpy -UserPEs
# Tear down the snapshot and the symlink once the scan is complete
$s2.Delete()
Remove-Item -Path C:\scpy -Force
# Rule option 3 = Enabled:Audit Mode, so violations are logged rather than blocked while the policy is validated
Set-RuleOption -Option 3 -FilePath C:\BasePolicy.xml
# Compile the XML policy to its binary form and place it where Code Integrity loads it at boot
ConvertFrom-CIPolicy C:\BasePolicy.xml C:\BasePolicy.bin
Move-Item C:\BasePolicy.bin C:\Windows\System32\CodeIntegrity\SIPolicy.p7b -Force