Skip to content

Instantly share code, notes, and snippets.

Avatar

Matthew Warren haircut

View GitHub Profile
@talkingmoose
talkingmoose / Speed Dating for Mac Admins.md
Last active Jul 13, 2022
Resources for my Penn State 2022 MacAdmins Campfire presentation on June 2
View Speed Dating for Mac Admins.md

Speed Dating for Mac Admins

Terminal Login Banner

Last login: Wed Jun  1 23:03:39 on ttys000


                        'c.            Logged in as: bill.smith
                     ,xNMM.            ---------------------------------
@byt3bl33d3r
byt3bl33d3r / log4j_rce_check.py
Created Dec 10, 2021
Python script to detect if an HTTP server is potentially vulnerable to the log4j 0day RCE (https://www.lunasec.io/docs/blog/log4j-zero-day/)
View log4j_rce_check.py
#! /usr/bin/env python3
'''
Needs Requests (pip3 install requests)
Author: Marcello Salvati, Twitter: @byt3bl33d3r
License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License)
This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021.
@drewkerr
drewkerr / get-focus-mode.js
Last active Aug 3, 2022
Read the current Focus mode on macOS Monterey (12.0+) using JavaScript for Automation (JXA)
View get-focus-mode.js
const app = Application.currentApplication()
app.includeStandardAdditions = true
function getJSON(path) {
const fullPath = path.replace(/^~/, app.pathTo('home folder'))
const contents = app.read(fullPath)
return JSON.parse(contents)
}
function run() {
View ikbc-td108-manual.txt
# ⌨️ TD 108 Functions Description
***Light Mode:***
PRESS FN + F4
+ Light up
+ Wave
+ Rain drop
+ Aurora
+ Breathing
@erikng
erikng / kextidentifiers.py
Last active Apr 19, 2021
kextidentifiers.py
View kextidentifiers.py
#!/usr/bin/python
# For mojave only
# In order for this to work, you will need to go to System Preferences in Mojave -> Security & Privacy -> Privacy -> Full Disk Access and grant Terminal.app permissions
import sqlite3
conn = sqlite3.connect('/var/db/SystemPolicyConfiguration/KextPolicy')
c = conn.cursor()
query = 'SELECT * FROM kext_policy'
c.execute(query)
@opragel
opragel / forcefully_remove_mdm_1015.sh
Last active Aug 2, 2022
forcefully_remove_mdm_1015.sh
View forcefully_remove_mdm_1015.sh
#!/bin/bash
# Seriously there still apparently aren't enough warning labels
# If you don't understand the consequences don't do it
REMOVE_PATHS=( # "/var/db/ConfigurationProfiles/.passcodePolicesAreInstalled"
# "/var/db/ConfigurationProfiles/.cloudConfigHasActivationRecord"
# "/var/db/ConfigurationProfiles/.cloudConfigNoActivationRecord"
# "/var/db/ConfigurationProfiles/.cloudConfigProfileObtained"
# "/var/db/ConfigurationProfiles/.cloudConfigRecordFound"
# "/var/db/ConfigurationProfiles/.profilesAreInstalled"
@gregneagle
gregneagle / fancy_defaults_read.py
Last active Apr 19, 2022
fancy_defaults_read.py: Reads a preference, prints its value, type, and where it is defined.
View fancy_defaults_read.py
#!/usr/bin/python
import os
import sys
from CoreFoundation import (CFPreferencesAppValueIsForced,
CFPreferencesCopyAppValue,
CFPreferencesCopyValue,
kCFPreferencesAnyUser,
kCFPreferencesAnyHost,
@mrik23
mrik23 / MSOL-BulkRemoveDirectAssignedLicense.ps1
Last active Oct 18, 2021
Remove in bulk direct assigned license to users who have group assigned license with Azure AD PowerShell v1
View MSOL-BulkRemoveDirectAssignedLicense.ps1
<#
Modified version of the script from Microsoft Documentation.
Removed the part that checks if the users is assigned more products than the group assigned license.
Added connection part and help to find Sku and Group Object ID.
This script requires Azure AD (aks MSOL) PowerShell v1. It doesn't seem possible to do so with v2.
Ref: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-licensing-ps-examples
#>
Import-Module MSOnline
$UserCredential = Get-Credential
View bash array parser
parse_array() {
FS=':'
key=(); val=()
for (( i=0 ; i < $(eval echo \${#$1[@]}) ; i++ )); do
key+=( "$(eval echo \${$1[$i]} | awk -F${FS} '{print $1}')" )
val+=( "$(eval echo \${$1[$i]} | awk -F${FS} '{print $2}')" )
done
}
# Assuming script contains myarray=( "key1:value1" "key2:value2" )
parse_array myarray
@pudquick
pudquick / visible_apps.py
Created Mar 29, 2017
Getting the list of visible apps (think: Force Quit) in macOS via python and pyobjc
View visible_apps.py
from Foundation import NSBundle
import objc
CoreServices = NSBundle.bundleWithIdentifier_('com.apple.CoreServices')
functions = [
('_LSCopyRunningApplicationArray', '@I'),
('_LSCopyApplicationInformation', '@I@@'),
]
constants = [