Josh Frantz jfrantz1-r7
jfrantz1-r7
/ powershell transcription
Created
August 24, 2018 01:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Enable-PSTranscription | |
| { | |
| [CmdletBinding()] | |
| param( | |
| $OutputDirectory, | |
| [Switch] $IncludeInvocationHeader | |
| ) | |
| ## Ensure the base path exists | |
| $basePath = “HKLM:\Software\Policies\Microsoft\Windows\PowerShell\Transcription” |
jfrantz1-r7
/ powershell SMB creation.ps1
Created
August 24, 2018 01:45
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| md c:\Transcripts | |
| ## Kill all inherited permissions | |
| $acl = Get-Acl c:\Transcripts | |
| $acl.SetAccessRuleProtection($true, $false) | |
| ## Grant Administrators full control | |
| $administrators = [System.Security.Principal.NTAccount] “Administrators” | |
| $permission = $administrators,“FullControl”,“ObjectInherit,ContainerInherit”,“None”,“Allow” | |
| $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission |
jfrantz1-r7
/ scriptblocklogging.ps1
Created
August 24, 2018 01:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Enable-PSScriptBlockLogging | |
| { | |
| $basePath = “HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging” | |
| if(-not (Test-Path $basePath)) | |
| { | |
| $null = New-Item $basePath -Force | |
| } | |
| Set-ItemProperty $basePath -Name EnableScriptBlockLogging -Value “1” |
jfrantz1-r7
/ Enable-protected-event-log.ps1
Created
August 24, 2018 01:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Enable-ProtectedEventLogging | |
| { | |
| param( | |
| [Parameter(Mandatory)] | |
| $Certificate | |
| ) | |
| $basePath = “HKLM:\Software\Policies\Microsoft\Windows\EventLog\ProtectedEventLogging” | |
| if(-not (Test-Path $basePath)) | |
| { |
jfrantz1-r7
/ base64.ps1
Created
September 20, 2018 22:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $String = ‘Really malicious code that will blow your computer up’ | |
| $GetBytes = [System.Text.Encoding]::Unicode.GetBytes($Text) | |
| $EncodedString =[Convert]::ToBase64String($Bytes) | |
| $EncodedString |
jfrantz1-r7
/ get all software
Created
October 3, 2018 14:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SELECT count(da.asset_id) as asset_count, ds.vendor, ds.name as software_name, ds.family, ds.version | |
| FROM dim_asset_software das | |
| JOIN dim_software ds using (software_id) | |
| JOIN dim_asset da on da.asset_id = das.asset_id | |
| GROUP BY ds.vendor, ds.name, ds.family, ds.version, ds.cpe | |
| ORDER BY asset_count DESC |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SELECT da.ip_address, da.host_name, ds.vendor, ds.name as software_name, ds.family, ds.version | |
| FROM dim_asset_software das | |
| JOIN dim_software ds using (software_id) | |
| JOIN dim_asset da on da.asset_id = das.asset_id | |
| WHERE ds.name like 'Firefox' |
jfrantz1-r7
/ new vs remediated vulns
Created
October 3, 2018 14:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| with assets_vulns as ( | |
| SELECT | |
| fasv.asset_id, | |
| fasv.vulnerability_id, | |
| baselineComparison (fasv.scan_id, current_scan) AS baseline, |
jfrantz1-r7
/ test1
Created
October 4, 2018 20:53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| vulnerability.categories NOT IN ["Zip", "Adobe", "Adobe Acrobat/Reader", "Adobe AIR", "Adobe ColdFusion", "Adobe Digital Editions", "Adobe Flash", "Adobe Shockwave", "Alpine Linux", "Anti-Virus", "Apache", "Apache HTTP Server", "Apache Struts", "Apache Tomcat", "Apple", "Apple iOS", "Apple iTunes", "Apple Java", "Apple Mac OS X", "Apple QuickTime", "Apple Safari", "Backdoor", "Backup", "Beanbag Review Board", "Browsers", "Canonical", "CentOS", "CGI", "Check Point", "Check Point Firewall", "Cisco", "Cisco ASA", "Cisco AsyncOS", "Cisco IOS", "Cisco IronPort", "Cisco NX-OS", "Cisco PIX", "Cisco SAN-OS", "Cisco TelePresence", "Cisco UCS", "Citect", "Citrix", "Citrix XenDesktop", "Conexant Systems", "Custom Web Application", "Debian Linux", "Default Account", "EulerOS", "Exim", "F", "F BIG-IP", "Fedora", "Fedora Core Linux", "FFmpeg", "Finger", "Fortinet", "Fortinet FortiAnalyzer", "Fortinet FortiGate", "Fortinet FortiManager", "Fortinet FortiOS", "FreeBSD", "Game", "General Remote Services", "Gentoo Linux", "Goog |
jfrantz1-r7
/ tomcat-vulns
Created
October 5, 2018 13:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| WITH remediations AS ( | |
| SELECT DISTINCT fr.solution_id AS ultimate_soln_id, summary, fix, estimate, riskscore, dshs.solution_id AS solution_id | |
| FROM fact_remediation(10,'riskscore DESC') fr | |
| JOIN dim_solution ds USING (solution_id) | |
| JOIN dim_solution_highest_supercedence dshs ON (fr.solution_id = dshs.superceding_solution_id AND ds.solution_id = dshs.superceding_solution_id) |
OlderNewer