Skip to content

Instantly share code, notes, and snippets.

View mnrkbys's full-sized avatar

Minoru Kobayashi mnrkbys

  • Internet Initiative Japan Inc.
  • Tokyo, Japan
  • X @unkn0wnbit
View GitHub Profile
At work recently I needed to pull together some information from the registry of a few thousand machines and include the last time the key had been updated. Lately I've been turning to Powershell more and more for my day to day tasks and this time was no different. However this simple task turned out to not be so easy, and it all revolved around acquiring the LastWriteTime of the registry keys.
Digging through WMI and .NET proved less fruitful than I had hoped, so off to Google I went. It seemed everyone had the solution if you wanted to query the machine locally, but with thousands of hosts in my Enterprise that wasn't going to work. Plus, who doesn't enjoy a good challenge. One particular script was very useful in pointing my team in the right direction, posted by Tim Medin over at blog.securitywhole.com. So we decided to adapt and modify his script to work with remote hosts.
I've only tested against a few machines at home, but I wanted to share it while I had time. I will update the post if I find issues
@mnrkbys
mnrkbys / Get-RegKeyInfo.ps1
Created March 8, 2024 05:34 — forked from jborean93/Get-RegKeyInfo.ps1
Gets detailed information about a registry key
# Copyright: (c) 2021, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
Function Get-RegKeyInfo {
<#
.SYNOPSIS
Gets details about a registry key.
.DESCRIPTION
Gets very low level details about a registry key.
@mnrkbys
mnrkbys / osx_extract_hash.py
Created April 15, 2021 00:54 — forked from teddziuba/osx_extract_hash.py
Extract a Mac OSX Catalina user's password hash as a hashcat-compatible string
#!/usr/bin/env python3
"""
Mac OSX Catalina User Password Hash Extractor
Extracts a user's password hash as a hashcat-compatible string.
Mac OSX Catalina (10.15) uses a salted SHA-512 PBKDF2 for storing user passwords
(hashcat type 7100), and it's saved in an annoying binary-plist-nested-inside-xml-plist
format, so previously reported methods for extracting the hash don't work.
@mnrkbys
mnrkbys / linux_dump_ldsopreload.sh
Last active October 6, 2024 10:13
A script to dump /etc/ld.so.preload file on XFS filesystem with xfs_db
#!/bin/bash
# Copyright 2024 Minoru Kobayashi <unknownbit@gmail.com> (@unkn0wnbit)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software