Last active
October 1, 2023 16:08
-
-
Save milnak/5100fd003fa3f9281e8f417a1cd46fde to your computer and use it in GitHub Desktop.
[Decode an ATP safelink] Decode Microsoft Defender ATP SafeLink to plain text
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<# | |
.SYNOPSIS | |
Decode an ATP safelink | |
#> | |
Param([Parameter(Mandatory=$true)][Uri]$uri) | |
'Host: {0}' -f $uri.Host | |
# Split query into Name, Unescaped Value pairs. | |
if ($uri.Query) { | |
$query = @{} | |
$uri.Query.Substring(1) -split '&' | ForEach-Object { | |
$key,$value = $_.Split('=') | |
$query[$key] = [URI]::UnescapeDataString($value) | |
} | |
'Data: {0}' -f $query['data'] | |
'URL: {0}' -f $query['url'] | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment