Skip to content

Instantly share code, notes, and snippets.

Jared Atkinson jaredcatkinson

Block or report user

Report or block jaredcatkinson

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View Get-CurrentProcessIntegrityLevel.ps1
Add-Type -AssemblyName System.ServiceModel
$BF = [Reflection.BindingFlags]::NonPublic -bor [Reflection.BindingFlags]::Static
$C1 = [ServiceModel.PeerNode].Assembly.GetType('System.ServiceModel.Channels.AppContainerInfo')
$C2 = [ServiceModel.PeerNode].Assembly.GetType('System.ServiceModel.Activation.Utility')
$M1 = $C1.GetMethod('GetCurrentProcessToken', $BF)
$M2 = $C2.GetMethod('GetTokenInformation', $BF)
$hT = $M1.Invoke($null, @())
$b = New-Object -TypeName byte[](28)
$M2.Invoke($null, @($hT, 25, [byte[]]$b))
$IL = [Security.Principal.SecurityIdentifier]::new($b, 16).Value
View profile.ps1
Update-TypeData -TypeName Object -MemberType ScriptMethod -MemberName SizeOf -Value {
param()
if($this -is [type]) {
$SizeOf = [System.Runtime.InteropServices.Marshal].GetMethod('SizeOf',[type[]]@([type]))
}
else {
$SizeOf = [System.Runtime.InteropServices.Marshal].GetMethod('SizeOf',[type[]]@([Object]))
}
return $SizeOf.Invoke($null,@($this.psobject.BaseObject))
View ConvertFrom-EpochTime.ps1
function ConvertFrom-EpochTime
{
param
(
[Parameter(Mandatory = $true)]
[Double]
$EpochTime
)
$epochstart = Get-Date -Date 1/1/1970
@jaredcatkinson
jaredcatkinson / Add-ACECertificate.ps1
Last active Jun 21, 2019
PowerShell script to query the ACE Certificate Authority (CA) for the CA's public key and add the public key to the system's local cert store
View Add-ACECertificate.ps1
function Add-ACERootCertificate
{
param
(
[Parameter(Mandatory = $true)]
[string]
$ServerIp,
[Parameter()]
[Int32]
View Get-SOHostData.ps1
function Get-SOHostData
{
begin
{
try
{
Get-System
}
catch
{
View Get-RegistryValue.ps1
function Get-RegistryValue
{
[CmdletBinding(DefaultParameterSetName = 'HKLM')]
param
(
[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
[string[]]
$Key,
[Parameter()]
@jaredcatkinson
jaredcatkinson / Get-Hash.ps1
Last active Jun 21, 2019
PowerShell v2 port of the Get-FileHash function. This version of Get-Hash supports hashing files and strings.
View Get-Hash.ps1
function Get-Hash
{
<#
.SYNOPSIS
Get-Hash is a PowerShell Version 2 port of Get-FileHash that supports hashing files, as well as, strings.
.PARAMETER InputObject
This is the actual item used to calculate the hash. This value will support [Byte[]] or [System.IO.Stream] objects.
@jaredcatkinson
jaredcatkinson / Resolve-CommandLineToFilePath.ps1
Last active Apr 12, 2018
Script to derive a File Path from a Command Line string
View Resolve-CommandLineToFilePath.ps1
function Resolve-CommandLineToFilePath
{
<#
.SYNOPSIS
The Resolve-CommandLineToFilePath function takes an arbitrary Command Line and resolves the called application/file's path.
.PARAMETER CommandLine
The CommandLine that you want to convert to a file path.
@jaredcatkinson
jaredcatkinson / Test-Ticket.ps1
Created Sep 20, 2017
Script to test if a Ticket Granting Ticket (TGT) is forged (a Golden Ticket).
View Test-Ticket.ps1
function Test-Condition
{
param
(
[Parameter(Mandatory = $true)]
[bool]
$Result,
[Parameter(Mandatory = $true)]
[string]
@jaredcatkinson
jaredcatkinson / Get-KerberosTicketGrantingTicket.ps1
Last active Jun 29, 2019
Kerberos Ticket Granting Ticket Collection Script and Golden Ticket Detection Tests
View Get-KerberosTicketGrantingTicket.ps1
function Get-KerberosTicketGrantingTicket
{
<#
.SYNOPSIS
Gets the Kerberos Tickets Granting Tickets from all Logon Sessions
.DESCRIPTION
Get-KerberosTicketGrantingTicket uses the Local Security Authority (LSA) functions to enumerate Kerberos logon sessions and return their associate Kerberos Ticket Granting Tickets.
You can’t perform that action at this time.