Skip to content

Instantly share code, notes, and snippets.

View raandree's full-sized avatar
🏠
Working from home

Raimund Andrée raandree

🏠
Working from home
278 followers · 13 following
View GitHub Profile
@raandree
raandree / InstallLastestAutomatedLabPrerelease.ps1
Last active December 9, 2025 15:04
[CmdletBinding()]
param (
[Parameter(Mandatory = $false)]
[string]$Version
)
# First do the standard installation
Write-Host "========================================" -ForegroundColor Cyan
Write-Host "AutomatedLab Installation Script" -ForegroundColor Cyan
Write-Host "========================================" -ForegroundColor Cyan
@raandree
raandree / Register-ScheduledTask2.ps1
Created January 13, 2025 18:39
This script registers a scheduled job to run the specified script on a schedule. It can register the job to run as local system or as the user who called this script.
<#
.SYNOPSIS
Registers a scheduled job to run the specified script on a schedule.
.DESCRIPTION
This script registers a scheduled job to run the specified script on a schedule. It can register the
job to run as local system or as the user who called this script.
.PARAMETER At
The time at which the job should be triggered. The format is 24 hours like 21:00.
@raandree
raandree / New-JeaDemoInDomain.ps1
Last active November 7, 2024 10:06
JEA: Register a new restricted endpoint with JEA roles
function Unlock-AAAccount
{
param(
[Parameter(Mandatory)]
[string]$Identity
)
try
{
$user = Get-ADUser -Identity $Identity
@raandree
raandree / Attach-Debugger.ps1
Last active September 10, 2024 16:49
Debug DSC code running in a different process
[DSCLocalConfigurationManager()]
configuration LcmDebugConfig
{
Node localhost
{
Settings
{
RefreshMode = 'Push'
DebugMode = 'ForceModuleImport'
}
@raandree
raandree / Get-NtlmLogonEvents.ps1
Created June 9, 2024 09:08
Detect NTLM v1 and v2 logons
$t1 = [datetime]::Today.AddHours(4).ToString('s')
$e = $null
$FilterXML = @"
<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">
(*[EventData[
Data[@Name="TargetDomainName"] != "Window Manager" and
Data[@Name="TargetDomainName"] != "Font Driver Host" and
Data[@Name="TargetDomainName"] != "NT AUTHORITY"
@raandree
raandree / 1. Start-PortScan.ps1
Last active April 26, 2024 10:20
PowerShell Portscan
<#
.SYNOPSIS
Powerful asynchronus IPv4 Port Scanner
.DESCRIPTION
This powerful asynchronus IPv4 Port Scanner allows you to scan every Port-Range you want (500 to 2600 would work).
The result will contain the Port number, Protocol, Service name, Description and the Status.
.EXAMPLE
@raandree
raandree / Get-KerberosKeytab.ps1
Last active December 27, 2023 02:33
Parses Kerberos Keytab files
param(
[Parameter(Mandatory)]
[string]$Path
)
#Created by Pierre.Audonnet@microsoft.com
#
#Got keytab structure from http://www.ioplex.com/utilities/keytab.txt
#
# keytab {
@raandree
raandree / DsGetDcNameWin32Demo.ps1
Created March 11, 2023 16:41
This script shows how to use a Win32 function (GetDcName) from PowerShell.
$code = @'
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
namespace Test
@raandree
raandree / Get-KerberosTickets.ps1
Created February 15, 2022 10:53
Get all Kerberos tickets from all logon sessions
$sessions = klist sessions
$pattern = '\[(\d+)\] Session \d \d:(?<LowPart>0)x(?<HighPart>[a-f0-9]+)'
$sessions = foreach ($line in $sessions)
{
if ($line -match $pattern)
{
New-Object PSObject -Property @{
LowPart = $Matches.LowPart
HighPart = $Matches.HighPart
@raandree
raandree / EventTextLengthCompare.ps1
Last active December 16, 2021 11:55
Compare length of text of an event as plain text, XML serialized, Base64 encoded and then AES256 encrypted.
function GenerateRandomSalt
{
[byte[]]$data = New-Object byte[](32)
$cp = [System.Security.Cryptography.RNGCryptoServiceProvider]::new()
for ($i = 0; $i -lt 10; $i++)
{
$cp.GetBytes($data)
}