@mgstate
mgstate / FodhelperUACBypass.ps1
Created May 10, 2023 15:53 — forked from netbiosX/FodhelperUACBypass.ps1
Bypass UAC via Fodhelper binary in Windows 10 systems
<#
.SYNOPSIS
This script can bypass User Account Control (UAC) via fodhelper.exe
 
It creates a new registry structure in: "HKCU:\Software\Classes\ms-settings\" to perform UAC bypass and starts
an elevated command prompt.
 
.NOTES
Function : FodhelperUACBypass
File Name : FodhelperUACBypass.ps1
@mgstate
mgstate / PowerView-3.0-tricks.ps1
Created June 21, 2023 18:35 — forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@mgstate
mgstate / arkime-process-pcap.sh
Created November 7, 2023 16:45 — forked from jstrosch/arkime-process-pcap.sh
This script is designed to facilitate the process of ingesting PCAPs with Arkime. It will clear the local elastic database and process the PCAP using "moloch-capture" service. This script was primarily designed to be used with the following course on PluralSight: https://www.pluralsight.com/courses/network-analysis-arkime
#!/usr/bin/env bash
#Author: Josh Stroschein (@jstrosch)
#Date: 28 Nov 2020
#Desc: Script used to process a PCAP file with Arkime (formerly Moloch)
PCAP=$1
# Ensure there is at least one argument
if [ $# -eq 0 ]; then
echo "[!] Usage: $0 'path to PCAP file'";