param ( [string]$SourceExe, [string]$DestinationPath, [string]$IconPath)
$WshShell = New-Object -comObject WScript.Shell
$Shortcut = $WshShell.CreateShortcut($DestinationPath)
$Shortcut.RelativePath = "..\..\..\..\..\..\..\..\..\$SourceExe"
$Shortcut.IconLocation = $IconPath
$Shortcut.TargetPath = $SourceExe
$Shortcut.Save()

## Find dangerous API permissions as a user
$AzureTenantID = '<Your tenant ID>'
$AccountName = '<Username>@<Domain.com>'
$Password = ConvertTo-SecureString '<Your password>' -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential($AccountName, $Password)
Connect-AzAccount -Credential $Credential -TenantID $AzureTenantID
function Get-AzureGraphToken
{

# Copyright: (c) 2022, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
Function Install-KDCProxyServer {
    <#
    .SYNOPSIS
    Set up a KDC Proxy server.
    .DESCRIPTION
    Sets up the KDC proxy server on the current host.

name: github pages
on:
  push:
    branches:
      - blog # Set a branch to deploy
  pull_request:
jobs:
  deploy:

Event
| where EventID == "4104"
| extend ParsedEvent = parse_xml(strcat("<root>", ParameterXml, "</root>"))
| extend MessageNumber = tolong(ParsedEvent.root.Param[0])
| extend MessageTotal = tolong(ParsedEvent.root.Param[1])
| extend ScriptBlockElement = iff(
    strlen(tostring(ParsedEvent.root.Param[2]["#text"])) > 0,
    ParsedEvent.root.Param[2]["#text"],
    ParsedEvent.root.Param[2])
| extend ScriptBlockId = tostring(ParsedEvent.root.Param[3])

function Get-RdpLogonEvent
{
    [CmdletBinding()]
    param(
        [Int32] $Last = 10
    )
    $RdpInteractiveLogons = Get-WinEvent -FilterHashtable @{
        LogName='Security'
        ProviderName='Microsoft-Windows-Security-Auditing'

### Original script and research by commial
### https://github.com/commial/experiments/tree/master/windows-defender
### Set LUADec_Path to binary
### https://github.com/viruscamp/luadec
import struct
import argparse
import sys
import os
import io
import subprocess

Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates;
public enum DSREG_JOIN_TYPE {
    DSREG_UNKNOWN_JOIN = 0,
    DSREG_DEVICE_JOIN = 1,
    DSREG_WORKPLACE_JOIN = 2
}

<?xml version="1.0"?>
<SiPolicy xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:schemas-microsoft-com:sipolicy">
  <VersionEx>10.0.0.0</VersionEx>
  <PolicyTypeID>{4E61C68C-97F6-430B-9CD7-9B1004706770}</PolicyTypeID>
  <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
  <Rules>
    <Rule>
      <Option>Enabled:UMCI</Option>
    </Rule>
    <Rule>

<#
.SYNOPSIS
Generates a GUID from a given string value using MD5 hashing.
.PARAMETER Value
The string value to generate a GUID from.
.EXAMPLE
Get-Guid -Value "example string"
Returns a GUID generated from the string "example string".