I hereby claim:
- I am jeffstokes72 on github.
- I am enigmamachine (https://keybase.io/enigmamachine) on keybase.
- I have a public key ASAgmCVyOvhcvHRn9nbSl5xJwXrxFuqM6ec9A5D55BahbQo
To claim this, I am signing this object:
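#Requires -RunAsAdministrator
#Requires -Version 5.0
# Requires Windows 10.

# List the ETW trace providers returned by Get-EtwTraceProvider, keeping only the
# owning session name and the provider GUID, ordered by session name.
# The #Requires lines above make the script refuse to start unless it is elevated.
Get-EtwTraceProvider |
    Select-Object -Property SessionName, Guid |
    Sort-Object -Property SessionName

# Alternative (kept commented out): emit the same listing as a Markdown table.
# The -Begin block prints the table header once; -Process prints one row per provider.
<#
#Requires -RunAsAdministrator
$result = Get-EtwTraceProvider | Sort-Object -Property SessionName
$result | ForEach-Object -Begin { "|Name|GUID|"; "|----|----|" } -Process { "|$($_.SessionName)|$($_.Guid)|" }
#>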
while ((Get-BitsTransfer | ? { $_.JobState -eq "Transferring" }).Count -gt 0) { | |
$totalbytes=0; | |
$bytestransferred=0; | |
$timeTaken = 0; | |
foreach ($job in (Get-BitsTransfer | ? { $_.JobState -eq "Transferring" } | Sort-Object CreationTime)) { | |
$totalbytes += $job.BytesTotal; | |
$bytestransferred += $job.bytestransferred | |
if ($timeTaken -eq 0) { | |
#Get the time of the oldest transfer aka the one that started first | |
$timeTaken = ((Get-Date) - $job.CreationTime).TotalMinutes |
# Description: Boxstarter Script | |
# Original Script is from: Jess Frazelle <jess@linux.com> | |
# Last Updated: 2020-11-18 | |
# | |
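# Install boxstarter:
# 	. { iwr -useb http://boxstarter.org/bootstrapper.ps1 } | iex; get-boxstarter -Force
# NOTE: the line above fetches the bootstrapper over plain HTTP and pipes it straight to iex,
# so nothing checks the script's integrity before it runs; prefer the https:// form of the URL.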
# | |
# You might need to set: Set-ExecutionPolicy RemoteSigned | |
# | |
# Run this boxstarter by calling the following from an **elevated** command-prompt: |
I hereby claim:
To claim this, I am signing this object:
Update-TypeData -TypeName Object -MemberType ScriptMethod -MemberName SizeOf -Value { | |
param() | |
if($this -is [type]) { | |
$SizeOf = [System.Runtime.InteropServices.Marshal].GetMethod('SizeOf',[type[]]@([type])) | |
} | |
else { | |
$SizeOf = [System.Runtime.InteropServices.Marshal].GetMethod('SizeOf',[type[]]@([Object])) | |
} | |
return $SizeOf.Invoke($null,@($this.psobject.BaseObject)) |
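# Read the integrity level of the current process token and leave it in $IL as a SID
# string. No native code is declared here: the work is done by reflecting into
# non-public helper types that ship inside System.ServiceModel.
# NOTE(review): AppContainerInfo and Utility are internal framework types, so this
# presumably works only where that assembly provides them (Windows PowerShell on
# .NET Framework) — confirm before relying on it elsewhere.
Add-Type -AssemblyName System.ServiceModel

# Both helpers are looked up as non-public static members.
$BF = [Reflection.BindingFlags]::NonPublic -bor [Reflection.BindingFlags]::Static

# PeerNode is used only as a public anchor type to reach the assembly object.
$C1 = [ServiceModel.PeerNode].Assembly.GetType('System.ServiceModel.Channels.AppContainerInfo')
$C2 = [ServiceModel.PeerNode].Assembly.GetType('System.ServiceModel.Activation.Utility')
$M1 = $C1.GetMethod('GetCurrentProcessToken', $BF)
$M2 = $C2.GetMethod('GetTokenInformation', $BF)

# Token handle for the current process, as returned by the internal helper.
$hT = $M1.Invoke($null, @())

# 25 is TokenIntegrityLevel in the Win32 TOKEN_INFORMATION_CLASS enumeration.
# NOTE(review): the 28-byte buffer and the offset of 16 used below look like the 64-bit
# TOKEN_MANDATORY_LABEL layout (16-byte SID_AND_ATTRIBUTES followed by a 12-byte SID);
# a 32-bit process would presumably need different values — confirm.
$b = New-Object -TypeName byte[](28)
$M2.Invoke($null, @($hT, 25, [byte[]]$b))

# Parse the SID that starts at byte 16 of the buffer. Integrity-level SIDs have the
# form S-1-16-<rid>, e.g. S-1-16-8192 (medium) or S-1-16-12288 (high).
$IL = [Security.Principal.SecurityIdentifier]::new($b, 16).Value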
function Get-InjectedThread | |
{ | |
<# | |
.SYNOPSIS | |
Looks for threads that were created as a result of code injection. | |
.DESCRIPTION | |
I hereby claim:
To claim this, I am signing this object:
I hereby claim: