I hereby claim:
- I am jeffstokes72 on github.
- I am enigmamachine (https://keybase.io/enigmamachine) on keybase.
- I have a public key ASAgmCVyOvhcvHRn9nbSl5xJwXrxFuqM6ec9A5D55BahbQo
To claim this, I am signing this object:
Jeff Stokes jeffstokes72
jeffstokes72
/ Get-EtwTraceProvider.ps1
Created
September 28, 2023 00:09
— forked from guitarrapc/Get-EtwTraceProvider.ps1
ETW (Event Tracing for Windows) Providers and their GUIDs for Windows 10 x64
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -RunAsAdministrator | |
| #Requires -Version 5.0 | |
| # requires Windows 10 | |
| Get-EtwTraceProvider | Select-Object SessionName, Guid | sort SessionName | |
| # as Markdown | |
| <# | |
| #Requires -RunAsAdministrator | |
| $result = Get-EtwTraceProvider | sort SessionName | |
| $result | %{"|Name|GUID|";"|----|----|";}{"|$($_.SessionName)|$($_.Guid)|"} | |
| #> |
jeffstokes72
/ GetBitsTransferProgress.ps1
Created
September 28, 2021 21:47
— forked from ciphertxt/GetBitsTransferProgress.ps1
Progress bar for current "Transferring" BITS Transfers with a time remain calculation.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| while ((Get-BitsTransfer | ? { $_.JobState -eq "Transferring" }).Count -gt 0) { | |
| $totalbytes=0; | |
| $bytestransferred=0; | |
| $timeTaken = 0; | |
| foreach ($job in (Get-BitsTransfer | ? { $_.JobState -eq "Transferring" } | Sort-Object CreationTime)) { | |
| $totalbytes += $job.BytesTotal; | |
| $bytestransferred += $job.bytestransferred | |
| if ($timeTaken -eq 0) { | |
| #Get the time of the oldest transfer aka the one that started first | |
| $timeTaken = ((Get-Date) - $job.CreationTime).TotalMinutes |
jeffstokes72
/ boxstarter-w10.ps1
Created
September 21, 2021 00:55
— forked from sdktr/boxstarter-w10.ps1
Boxstarter Windows 10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Description: Boxstarter Script | |
| # Original Script is from: Jess Frazelle <jess@linux.com> | |
| # Last Updated: 2020-11-18 | |
| # | |
| # Install boxstarter: | |
| # . { iwr -useb http://boxstarter.org/bootstrapper.ps1 } | iex; get-boxstarter -Force | |
| # | |
| # You might need to set: Set-ExecutionPolicy RemoteSigned | |
| # | |
| # Run this boxstarter by calling the following from an **elevated** command-prompt: |
jeffstokes72
/ profile.ps1
Created
June 19, 2018 19:11
— forked from jaredcatkinson/profile.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Update-TypeData -TypeName Object -MemberType ScriptMethod -MemberName SizeOf -Value { | |
| param() | |
| if($this -is [type]) { | |
| $SizeOf = [System.Runtime.InteropServices.Marshal].GetMethod('SizeOf',[type[]]@([type])) | |
| } | |
| else { | |
| $SizeOf = [System.Runtime.InteropServices.Marshal].GetMethod('SizeOf',[type[]]@([Object])) | |
| } | |
| return $SizeOf.Invoke($null,@($this.psobject.BaseObject)) |
jeffstokes72
/ Get-CurrentProcessIntegrityLevel.ps1
Created
June 19, 2018 19:10
— forked from jaredcatkinson/Get-CurrentProcessIntegrityLevel.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Add-Type -AssemblyName System.ServiceModel | |
| $BF = [Reflection.BindingFlags]::NonPublic -bor [Reflection.BindingFlags]::Static | |
| $C1 = [ServiceModel.PeerNode].Assembly.GetType('System.ServiceModel.Channels.AppContainerInfo') | |
| $C2 = [ServiceModel.PeerNode].Assembly.GetType('System.ServiceModel.Activation.Utility') | |
| $M1 = $C1.GetMethod('GetCurrentProcessToken', $BF) | |
| $M2 = $C2.GetMethod('GetTokenInformation', $BF) | |
| $hT = $M1.Invoke($null, @()) | |
| $b = New-Object -TypeName byte[](28) | |
| $M2.Invoke($null, @($hT, 25, [byte[]]$b)) | |
| $IL = [Security.Principal.SecurityIdentifier]::new($b, 16).Value |
jeffstokes72
/ Get-InjectedThread.ps1
Created
June 19, 2018 19:10
— forked from jaredcatkinson/Get-InjectedThread.ps1
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-InjectedThread | |
| { | |
| <# | |
| .SYNOPSIS | |
| Looks for threads that were created as a result of code injection. | |
| .DESCRIPTION | |
jeffstokes72
/ keybase.md
Last active
June 30, 2016 16:25
I hereby claim:
- I am jeffstokes72 on github.
- I am enigmamachine (https://keybase.io/enigmamachine) on keybase.
- I have a public key whose fingerprint is 6F29 FC36 48D0 0DBC 9733 008E 0CDE 3782 C4EC 7BE3
To claim this, I am signing this object:
jeffstokes72
/ keybase.md
Created
June 30, 2016 16:23
I hereby claim:
- I am jeffstokes72 on github.
- I am enigmamachine (https://keybase.io/enigmamachine) on keybase.