Fabian Bader f-bader
@mttaggart
mttaggart / make-lnk.ps1
Last active September 23, 2023 20:15
make-lnk.ps1
param ( [string]$SourceExe, [string]$DestinationPath, [string]$IconPath)
$WshShell = New-Object -comObject WScript.Shell
$Shortcut = $WshShell.CreateShortcut($DestinationPath)
$Shortcut.RelativePath = "..\..\..\..\..\..\..\..\..\$SourceExe"
$Shortcut.IconLocation = $IconPath
$Shortcut.TargetPath = $SourceExe
$Shortcut.Save()
@andyrobbins
andyrobbins / AuditAppRoles.ps1
Created November 16, 2021 22:39
Audit app roles
## Find dangerous API permissions as a user
$AzureTenantID = '<Your tenant ID>'
$AccountName = '<Username>@<Domain.com>'
$Password = ConvertTo-SecureString '<Your password>' -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential($AccountName, $Password)
Connect-AzAccount -Credential $Credential -TenantID $AzureTenantID
function Get-AzureGraphToken
{
@jborean93
jborean93 / KDCProxy.ps1
Last active November 28, 2022 14:34
Functions to help set up a KDC proxy server and add client proxy servers - https://syfuhs.net/kdc-proxy-for-remote-access
# Copyright: (c) 2022, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
Function Install-KDCProxyServer {
<#
.SYNOPSIS
Set up a KDC Proxy server.
.DESCRIPTION
Sets up the KDC proxy server on the current host.
@potatoqualitee
potatoqualitee / hugo.yml
Created February 20, 2022 20:12
github actions / hugo
name: github pages
on:
push:
branches:
- blog # Set a branch to deploy
pull_request:
jobs:
deploy:
Event
| where EventID == "4104"
| extend ParsedEvent = parse_xml(strcat("<root>", ParameterXml, "</root>"))
| extend MessageNumber = tolong(ParsedEvent.root.Param[0])
| extend MessageTotal = tolong(ParsedEvent.root.Param[1])
| extend ScriptBlockElement = iff(
strlen(tostring(ParsedEvent.root.Param[2]["#text"])) > 0,
ParsedEvent.root.Param[2]["#text"],
ParsedEvent.root.Param[2])
| extend ScriptBlockId = tostring(ParsedEvent.root.Param[3])
function Get-RdpLogonEvent
{
[CmdletBinding()]
param(
[Int32] $Last = 10
)
$RdpInteractiveLogons = Get-WinEvent -FilterHashtable @{
LogName='Security'
ProviderName='Microsoft-Windows-Security-Auditing'
@HackingLZ
HackingLZ / vdm_lua_extract.py
Last active March 25, 2024 18:54
VDM Lua Extractor
### Original script and research by commial
### https://github.com/commial/experiments/tree/master/windows-defender
### Set LUADec_Path to binary
### https://github.com/viruscamp/luadec
import struct
import argparse
import sys
import os
import io
import subprocess
@awakecoding
awakecoding / Get-AadJoinInformation.ps1
Created August 8, 2023 14:21
Get Azure AD (Entra ID) Join Information without dsregcmd
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates;
public enum DSREG_JOIN_TYPE {
DSREG_UNKNOWN_JOIN = 0,
DSREG_DEVICE_JOIN = 1,
DSREG_WORKPLACE_JOIN = 2
}
@mgraeber-rc
mgraeber-rc / ATPSiPolicy.xml
Created September 12, 2023 15:15
Recovered Microsoft Defender for Endpoint WDAC policy that is dropped to %windir%\System32\CodeIntegrity\ATPSiPolicy.p7b when "Restrict App Execution" is enabled for a device.
<?xml version="1.0"?>
<SiPolicy xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:schemas-microsoft-com:sipolicy">
<VersionEx>10.0.0.0</VersionEx>
<PolicyTypeID>{4E61C68C-97F6-430B-9CD7-9B1004706770}</PolicyTypeID>
<PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
<Rules>
<Rule>
<Option>Enabled:UMCI</Option>
</Rule>
<Rule>
@azurekid
azurekid / Get-Guid.ps1
Last active October 12, 2023 17:25
PowerShell function to create a GUID from a string value
<#
.SYNOPSIS
Generates a GUID from a given string value using MD5 hashing.
.PARAMETER Value
The string value to generate a GUID from.
.EXAMPLE
Get-Guid -Value "example string"
Returns a GUID generated from the string "example string".