Skip to content

Instantly share code, notes, and snippets.

View mgreen27's full-sized avatar

Matthew Green mgreen27

136 followers · 56 following
View GitHub Profile
@mgreen27
mgreen27 / 00_ntfs.ps1
Last active July 11, 2022 16:06 — forked from scudette/extended_attributes.ps1
Auscert 2022 Exercise setup
### NTFS exercise setup
## 1. download some files to test various content and add ADS to simulate manual download from a browser
$downloads = (
"https://live.sysinternals.com/PsExec64.exe",
"https://live.sysinternals.com/procdump64.exe",
"https://live.sysinternals.com/sdelete64.exe",
"https://github.com/limbenjamin/nTimetools/raw/master/nTimestomp_v1.2_x64.exe"
)
@mgreen27
mgreen27 / gcloud_cheat_sheet.md
Created March 19, 2021 01:34 — forked from pydevops/gcloud-cheat-sheet.md
gcp gcloud cheat sheet
@mgreen27
mgreen27 / o365-kb.md
Last active May 6, 2024 19:58 — forked from hiddenillusion/o365-kb.md
Term Description Link(s)
Alias Another email address that people can use to email
App Password An app password is a password that is created within the Azure portal and that allows the user to bypass MFA and continue to use their application.
Alternate email address Required for admins to receive important notifications, or resetting the admin password which cannot be modified by the end users
AuditAdmin
AuditDelegate
Delegate An account with assigned permissions to a mailbox.
Display Name Name that appears in the Address Book & on the TO and From lines on an email.
EAC "Exchange Admin Center"
@mgreen27
mgreen27 / Get-ExtrinsicEventClasses.ps1
Created May 27, 2017 01:26 — forked from et0x/Get-ExtrinsicEventClasses.ps1
List all WMI extrinsic event classes recursively
function Get-Derived {
Param(
[String]$Class,
[String]$Namespace
)
if (-not [string]::IsNullOrEmpty($Class))
{
Get-WmiObject -List -Namespace $Namespace | Where-Object { $_.__SUPERCLASS -eq $Class -and (-not ($_.Name.StartsWith('__')) ) } | foreach {
Get-Derived -Class $_.__CLASS -Namespace $_.__NAMESPACE
$_