C.J. May lawndoc
@lawndoc
lawndoc / New-DevDrive.ps1
Last active April 23, 2024 17:51
Scripted Dev Drive Setup
<#
.SYNOPSIS
Script to create a new Dev Drive
.DESCRIPTION
This script creates a new Dev Drive on a Windows system. By default, it creates a 100GB dynamically sized VHDX file at C:\ProgramData\Custom Dev Drive\drive.vhdx and mounts it as drive V:. For more information about Dev Drives, see https://learn.microsoft.com/en-us/windows/dev-drive/
.EXAMPLE
.\New-DevDrive.ps1
@lawndoc
lawndoc / spam_creds.py
Last active February 18, 2024 20:00
Punish Phisher
#!/usr/bin/env python3
import argparse
import grequests
import random
import requests
import string
import sys
from urllib.request import urlopen
@lawndoc
lawndoc / WSL2_VPN_Workaround_Instructions.md
Last active November 22, 2023 17:31 — forked from machuu/WSL2_VPN_Workaround_Instructions.md
Workaround for WSL2 network broken on VPN

Overview

Internet connectivity and DNS resolution are broken from WSL2 instances when some VPNs are active. The workaround breaks down into two problems:

  1. Network connection to internet
  2. DNS in WSL2

This problem is tracked in multiple microsoft/WSL issues, including but not limited to:

@lawndoc
lawndoc / DeviceUsers.kusto
Last active May 23, 2023 12:25
Custom tabular function to enrich user info for each device in the results
// Advanced Hunting custom function
// ------------------------------------
// DeviceUsers()
// This function enriches a table with the users who use each device including full name, email, job title, etc.
// Example usage:
// ...
// | invoke DeviceUsers()
// ------------------------------------
let DeviceUsers = (T:(DeviceName:string)) {
T
@lawndoc
lawndoc / RareService.kusto
Last active May 16, 2023 19:24
Globally Rare Service Installation
// credit to mRr3b00t @UK_Daniel_Card for the idea and starting point
// Globally Rare Service Installation
// Matches service executables to their file info and looks at global prevalence
let PrevalenceThreshold = 1000; // adjust as needed
DeviceEvents
| where ActionType == "ServiceInstalled"
| where FileName != "" // Defender not capturing service executable sometimes -- needs investigation
//-- false positives
| where not (
(FileName startswith "svchost.exe -k " // lots of these
@lawndoc
lawndoc / cloc-gh
Last active April 26, 2023 15:02
Count the total lines of code for a user or organization in GitHub (excludes forks)
#!/usr/bin/env bash
# Author: C.J. May @lawndoc
# Usage: cloc-gh <username>
# Prereqs: cloc gh
# Shallow-clone one repo, append its total line count to line_count.txt, then clean up
cloc_repo () {
gh repo clone "$1" temp-linecount-repo -- --depth 1 > /dev/null 2>&1 &&
cloc temp-linecount-repo | grep SUM | awk '{ print $5 }' >> line_count.txt &&
rm -rf temp-linecount-repo
}
@lawndoc
lawndoc / pa-silent-registration.kql
Created August 15, 2022 18:19
Detect silent registration of Power Automate to a remote MDM
DeviceProcessEvents
| where FileName =~ "PAD.MachineRegistration.Silent.exe"
@lawndoc
lawndoc / HiveNightmareFix.ps1
Created July 21, 2021 18:28
HiveNightmare ACL Fix (and Shadow Copies)
# Check whether BUILTIN\Users has read access to the SAM hive (HiveNightmare / CVE-2021-36934 condition);
# if so, re-enable ACL inheritance on the config directory and delete existing shadow copies
$checkPermissions = icacls c:\Windows\System32\config\sam
if ($checkPermissions -like '*BUILTIN\Users:(I)(RX*)*') {
icacls c:\windows\system32\config\*.* /inheritance:e
vssadmin delete shadows /quiet /all
$vulnerable = $true
}
else {
$vulnerable = $false
}
@lawndoc
lawndoc / OS-Version-Sort-All.ps1
Last active July 1, 2021 03:29
Query AD for Windows Versions and Export to CSV
### Global Variables (edit these)
$DOMAIN = "DC=example,DC=com"
$CSVPATH = ".\\"
### Begin Script
$windowsXP = [System.Collections.ArrayList]@()
$windows7 = [System.Collections.ArrayList]@()
$windows10 = [System.Collections.ArrayList]@()
$server03 = [System.Collections.ArrayList]@()
$server08 = [System.Collections.ArrayList]@()