Joshua Wright joswr1ght

joswr1ght / checkhiddensvc.ps1
Last active May 22, 2024 02:07
Identify Hidden Windows Services
Compare-Object -ReferenceObject (Get-Service | Select-Object -ExpandProperty Name | % { $_ -replace "_[0-9a-f]{2,8}$" } ) -DifferenceObject (gci -path hklm:\system\currentcontrolset\services | % { $_.Name -Replace "HKEY_LOCAL_MACHINE\\","HKLM:\" } | ? { Get-ItemProperty -Path "$_" -name objectname -erroraction 'ignore' } | % { $_.substring(40) }) -PassThru | ?{$_.sideIndicator -eq "=>"}
joswr1ght / makejpg.sh
Created July 29, 2020 16:22
Convert one or more TIFF files in the current directory to resized JPGs
#!/bin/bash
# Require at least the save directory argument
if [ $# -lt 1 ] ; then
    echo "Usage: $0 <save-dir> [long-edge-in-px]"
    exit 1
fi
for image in *.tif; do
    # Strip the .tif extension to get the base name
    base=`echo "$image" | sed 's/\.tif$//'`
    convert "$image" -resize "$2>" "$1/$base-$1.jpg" >>log 2>&1
    echo -n "."
done
joswr1ght / compare-process-example.ps1
Created March 6, 2020 15:04
Comparing DLL List Before and After for a Process
# Start by changing to a temporary directory
PS C:\WINDOWS\system32> cd \temp
# Run the ps command to get a list of process information for a named process (in this case we use lsass)
# Pipe the output to Select-Object ModuleName to limit the output to just the DLLs
PS C:\temp> ps -Name lsass -Module | Select-Object ModuleName
ModuleName
----------
lsass.exe
ntdll.dll
joswr1ght / linter.ps1
Created March 3, 2020 18:37
PowerShell Linter
docker run -v $PWD:/script -it mcr.microsoft.com/powershell pwsh -c "Install-Module PSScriptAnalyzer -Force; Invoke-ScriptAnalyzer -Path /script/scripts/openssh.ps1"
joswr1ght / Dump-Clipboard.sh
Created January 27, 2020 13:20
Dump the clipboard contents on macOS
x=""; while true; do y=`pbpaste`; if [ "$x" != "$y" ] ; then echo "$y"; x="$y"; fi; done
joswr1ght / Dump-Clipboard.ps1
Created January 27, 2020 13:12
Copy Clipboard Data from PowerShell
$x=""; while($true) { $y=get-clipboard -raw; if ($x -ne $y) { Write-Host $y; $x=$y } }
joswr1ght / groupenumeration.ps1
Created January 8, 2020 13:08
Create a Collection of Files for Windows Domain Groups with User Members in Each File
Get-AdGroup -Filter * | % { Get-AdGroupMember $_.Name | Select-Object -ExpandProperty SamAccountName | Out-File -FilePath "$($_.Name).txt" -Encoding ASCII }
joswr1ght / disablekibanadatareporting.sh
Created December 18, 2019 18:14
Disable Kibana Data Reporting/Telemetry from the Command Line with Curl
curl --silent -d '{"doc":{"telemetry":{"enabled":false}}}' -H 'content-type: application/json' http://localhost:9200/.kibana/_update/telemetry%3Atelemetry | jq
joswr1ght / accesslog2csv.py
Created December 16, 2019 11:45
Convert Apache/Nginx Unified Log Format to CSV
# accesslog2csv: Convert default, unified access log from Apache, Nginx
# servers to CSV format.
#
# Original source by Maja Kraljic, July 18, 2017
# Modified by Joshua Wright to parse all elements in the HTTP request as
# different columns, December 16, 2019
import csv
import re
joswr1ght / stopresponderattacks.cmd
Created October 9, 2019 14:26
Disable WPAD and LLMNR on Windows
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad"
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /v "WpadOverride" /t REG_DWORD /d "1" /f
REG ADD "HKLM\Software\policies\Microsoft\Windows NT\DNSClient"
REG ADD "HKLM\Software\policies\Microsoft\Windows NT\DNSClient" /v "EnableMulticast" /t REG_DWORD /d "0" /f