Joshua Wright joswr1ght

joswr1ght / compare-process-example.ps1
Created Mar 6, 2020
Comparing DLL List Before and After for a Process
# Start by changing to a temporary directory
PS C:\WINDOWS\system32> cd \temp
# Run the ps command to get a list of process information for a named process (in this case we use lsass)
# Pipe the output to Select-Object ModuleName to limit the output to just the DLLs
PS C:\temp> ps -Name lsass -Module | Select-Object ModuleName
ModuleName
----------
lsass.exe
ntdll.dll
joswr1ght / linter.ps1
Created Mar 3, 2020
PowerShell Linter
docker run -v "${PWD}:/script" -it mcr.microsoft.com/powershell pwsh -c "Install-Module PSScriptAnalyzer -Force; Invoke-ScriptAnalyzer -Path /script/scripts/openssh.ps1"
joswr1ght / Dump-Clipboard.sh
Created Jan 27, 2020
Dump the clipboard contents on macOS
x=""; while true; do y=$(pbpaste); if [ "$x" != "$y" ]; then echo "$y"; x="$y"; fi; done
joswr1ght / Dump-Clipboard.ps1
Created Jan 27, 2020
Copy Clipboard Data from PowerShell
$x=""; while($true) { $y=get-clipboard -raw; if ($x -ne $y) { Write-Host $y; $x=$y } }
joswr1ght / groupenumeration.ps1
Created Jan 8, 2020
Create a Collection of Files for Windows Domain Groups with User Members in Each File
Get-AdGroup -Filter * | % { Get-AdGroupMember $_.Name | Select-Object -ExpandProperty SamAccountName | Out-File -FilePath "$($_.Name).txt" -Encoding ASCII }
joswr1ght / disablekibanadatareporting.sh
Created Dec 18, 2019
Disable Kibana Data Reporting/Telemetry from the Command Line with Curl
curl --silent -d '{"doc":{"telemetry":{"enabled":false}}}' -H 'content-type: application/json' http://localhost:9200/.kibana/_update/telemetry%3Atelemetry | jq
joswr1ght / accesslog2csv.py
Created Dec 16, 2019
Convert Apache/Nginx Unified Log Format to CSV
# accesslog2csv: Convert default, unified access log from Apache, Nginx
# servers to CSV format.
#
# Original source by Maja Kraljic, July 18, 2017
# Modified by Joshua Wright to parse all elements in the HTTP request as
# different columns, December 16, 2019
import csv
import re
joswr1ght / stopresponderattacks.cmd
Created Oct 9, 2019
Disable WPAD and LLMNR on Windows
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad"
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /v "WpadOverride" /t REG_DWORD /d "1" /f
REG ADD "HKLM\Software\policies\Microsoft\Windows NT\DNSClient"
REG ADD "HKLM\Software\policies\Microsoft\Windows NT\DNSClient" /v "EnableMulticast" /t REG_DWORD /d "0" /f
joswr1ght / brojsonnormaltime.sh
Created Sep 25, 2019
Export Bro Logs in JSON with ISO8601 timestamps instead of Epoch time
bro -r "$1" -e 'redef LogAscii::use_json=T; redef LogAscii::json_timestamps = JSON::TS_ISO8601;'
View uninstall-windowsdefender.ps1
Uninstall-WindowsFeature -Name Windows-Defender