Raimund Andrée [MSFT] raandree
🏠
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $t1 = [datetime]::Today.AddHours(4).ToString('s') | |
| $e = $null | |
| $FilterXML = @" | |
| <QueryList> | |
| <Query Id="0" Path="Security"> | |
| <Select Path="Security"> | |
| (*[EventData[ | |
| Data[@Name="TargetDomainName"] != "Window Manager" and | |
| Data[@Name="TargetDomainName"] != "Font Driver Host" and | |
| Data[@Name="TargetDomainName"] != "NT AUTHORITY" |
raandree
/ DsGetDcNameWin32Demo.ps1
Created
March 11, 2023 16:41
This script shows how to use a Win32 function (GetDcName) from PowerShell.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $code = @' | |
| using System; | |
| using System.Collections.Generic; | |
| using System.ComponentModel; | |
| using System.Linq; | |
| using System.Runtime.InteropServices; | |
| using System.Text; | |
| using System.Threading.Tasks; | |
| namespace Test |
raandree
/ Get-KerberosTickets.ps1
Created
February 15, 2022 10:53
Get all Kerberos tickets from all logon sessions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $sessions = klist sessions | |
| $pattern = '\[(\d+)\] Session \d \d:(?<LowPart>0)x(?<HighPart>[a-f0-9]+)' | |
| $sessions = foreach ($line in $sessions) | |
| { | |
| if ($line -match $pattern) | |
| { | |
| New-Object PSObject -Property @{ | |
| LowPart = $Matches.LowPart | |
| HighPart = $Matches.HighPart |
raandree
/ EventTextLengthCompare.ps1
Last active
December 16, 2021 11:55
Compare length of text of an event as plain text, XML serialized, Base64 encoded and then AES256 encrypted.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function GenerateRandomSalt | |
| { | |
| [byte[]]$data = New-Object byte[](32) | |
| $cp = [System.Security.Cryptography.RNGCryptoServiceProvider]::new() | |
| for ($i = 0; $i -lt 10; $i++) | |
| { | |
| $cp.GetBytes($data) | |
| } |
raandree
/ BootstrapPowerShellGet.ps1
Created
January 13, 2021 09:23
Update a client to the newest PowerShellGet version
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12 | |
| mkdir -Path C:\ProgramData\Microsoft\Windows\PowerShell\PowerShellGet -Force | |
| Invoke-WebRequest -Uri 'https://nuget.org/nuget.exe' -OutFile C:\ProgramData\Microsoft\Windows\PowerShell\PowerShellGet\nuget.exe -ErrorAction Stop | |
| Install-PackageProvider -Name NuGet -Force | |
| Install-Module -Name PowerShellGet -Force |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Powerful asynchronus IPv4 Port Scanner | |
| .DESCRIPTION | |
| This powerful asynchronus IPv4 Port Scanner allows you to scan every Port-Range you want (500 to 2600 would work). | |
| The result will contain the Port number, Protocol, Service name, Description and the Status. | |
| .EXAMPLE |
raandree
/ Update-AzureVmDiskSku.ps1
Last active
April 18, 2020 10:33
Changes the Sku of all disks connected to a VM to the desired one. Chaning the VMs role size might also be required.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param ( | |
| [Parameter(Mandatory)] | |
| $ResourceGroupName, | |
| [Parameter(Mandatory)] | |
| $VmName, | |
| [Parameter(Mandatory)] | |
| [ValidateSet('Standard_LRS', 'Premium_LRS', 'StandardSSD_LRS', 'UltraSSD_LRS')] | |
| $StorageType, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $vms = Get-LabVM -Role FileServer | |
| $wiresharkUri = 'https://1.eu.dl.wireshark.org/win64/Wireshark-win64-3.2.2.exe' | |
| $fiddlerUri = 'https://telerik-fiddler.s3.amazonaws.com/fiddler/FiddlerSetup.exe' | |
| $fiddler = Get-LabInternetFile -Uri $fiddlerUri -Path $labSources\SoftwarePackages -PassThru | |
| $wireshark = Get-LabInternetFile -Uri $wiresharkUri -Path $labSources\SoftwarePackages -FileName Wireshark.exe -PassThru | |
| Install-LabSoftwarePackage -Path $fiddler.FullName -CommandLine /S -ComputerName $vms | |
| Install-LabSoftwarePackage -Path $wireshark.FullName -CommandLine /S -ComputerName $vms |
raandree
/ Get-SqlConnections.sql
Created
March 4, 2020 10:56
Gets all connection from a SQL server including authentication type
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SELECT | |
| s.session_id, | |
| c.connect_time, | |
| s.login_time, | |
| s.login_name, | |
| c.protocol_type, | |
| c.auth_scheme, | |
| s.HOST_NAME, | |
| s.program_name | |
| FROM sys.dm_exec_sessions s |
raandree
/ Attach-Debugger.ps1
Last active
September 10, 2024 16:49
Debug DSC code running in a different process
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [DSCLocalConfigurationManager()] | |
| configuration LcmDebugConfig | |
| { | |
| Node localhost | |
| { | |
| Settings | |
| { | |
| RefreshMode = 'Push' | |
| DebugMode = 'ForceModuleImport' | |
| } |
NewerOlder