Jared Atkinson jaredcatkinson

View kerberoasting-abstraction-map.yaml
---
title: T1208 - Kerberoasting
description:
header :
name : T1208 - Kerberoasting
colspan : 5
background-color : #DCDCDC
rows:
- Row1 :
name : Tools
View Collect-SOData.ps1
function Collect-SOData
{
param
(
[Parameter(Mandatory = $true)]
[string]
$FilePath
)
$hostname = $env:COMPUTERNAME
View Get-CurrentProcessIntegrityLevel.ps1
Add-Type -AssemblyName System.ServiceModel
$BF = [Reflection.BindingFlags]::NonPublic -bor [Reflection.BindingFlags]::Static
$C1 = [ServiceModel.PeerNode].Assembly.GetType('System.ServiceModel.Channels.AppContainerInfo')
$C2 = [ServiceModel.PeerNode].Assembly.GetType('System.ServiceModel.Activation.Utility')
$M1 = $C1.GetMethod('GetCurrentProcessToken', $BF)
$M2 = $C2.GetMethod('GetTokenInformation', $BF)
$hT = $M1.Invoke($null, @())
$b = New-Object -TypeName byte[](28)
$M2.Invoke($null, @($hT, 25, [byte[]]$b))
$IL = [Security.Principal.SecurityIdentifier]::new($b, 16).Value
View profile.ps1
Update-TypeData -TypeName Object -MemberType ScriptMethod -MemberName SizeOf -Value {
param()
if($this -is [type]) {
$SizeOf = [System.Runtime.InteropServices.Marshal].GetMethod('SizeOf',[type[]]@([type]))
}
else {
$SizeOf = [System.Runtime.InteropServices.Marshal].GetMethod('SizeOf',[type[]]@([Object]))
}
return $SizeOf.Invoke($null,@($this.psobject.BaseObject))
View ConvertFrom-EpochTime.ps1
function ConvertFrom-EpochTime
{
param
(
[Parameter(Mandatory = $true)]
[Double]
$EpochTime
)
$epochstart = Get-Date -Date 1/1/1970
jaredcatkinson / Add-ACECertificate.ps1
Last active Jun 21, 2019
PowerShell script to query the ACE Certificate Authority (CA) for the CA's public key and add the public key to the system's local cert store
View Add-ACECertificate.ps1
function Add-ACERootCertificate
{
param
(
[Parameter(Mandatory = $true)]
[string]
$ServerIp,
[Parameter()]
[Int32]
View Get-SOHostData.ps1
function Get-SOHostData
{
begin
{
try
{
Get-System
}
catch
{
View Get-RegistryValue.ps1
function Get-RegistryValue
{
[CmdletBinding(DefaultParameterSetName = 'HKLM')]
param
(
[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
[string[]]
$Key,
[Parameter()]
jaredcatkinson / Get-Hash.ps1
Last active May 6, 2020
PowerShell v2 port of the Get-FileHash function. This version of Get-Hash supports hashing files and strings.
View Get-Hash.ps1
function Get-Hash
{
<#
.SYNOPSIS
Get-Hash is a PowerShell Version 2 port of Get-FileHash that supports hashing files as well as strings.
.PARAMETER InputObject
This is the actual item used to calculate the hash. This value will support [Byte[]] or [System.IO.Stream] objects.
jaredcatkinson / Resolve-CommandLineToFilePath.ps1
Last active Mar 23, 2021
Script to derive a File Path from a Command Line string
View Resolve-CommandLineToFilePath.ps1
function Resolve-CommandLineToFilePath
{
<#
.SYNOPSIS
The Resolve-CommandLineToFilePath function takes an arbitrary Command Line and resolves the called application/file's path.
.PARAMETER CommandLine
The CommandLine that you want to convert to a file path.