💭
Playing PowerShell

David Sass sassdawe
@sassdawe
sassdawe / HashSet.ps1
Created May 8, 2024 12:45
HashSet is a hash-based collection that allows only distinct elements
<#
The basics: A HashSet is a collection that holds unique elements in no particular order (O(1) complexity
for adding, searching or removing). The HashSet<T> is a generic class in the System.Collections.Generic
namespace, ideal for managing large data sets and performing set operations.
Core aspects: The dotnet HashSet is a hash-based collection that allows only distinct elements.
It supports various operations such as Union, Intersection, Difference, and more.
More: https://www.bytehide.com/blog/hashset-csharp
#>
@sassdawe
sassdawe / OrderedDictionary.ps1
Last active May 10, 2024 05:07
System.Collections.Specialized.OrderedDictionary
# option 1
using namespace System.Collections.Specialized
$ordered = new-object OrderedDictionary
# option 2
$ordered = new-object System.Collections.Specialized.OrderedDictionary
# members
$ordered | get-member
@sassdawe
sassdawe / function-mandatoryUserBoolParam.ps1
Created October 14, 2023 09:30
Mandatory user provided parameter in PowerShell
function mandatoryUserBoolParam {
param(
[Parameter(Mandatory=$true)]
[ValidateSet("true","false","1","0","yes","no","y","n")]
[string]$param
)
$boolParam = $false
switch ($param.ToLower()) {
"true" { $boolParam = $true }
@sassdawe
sassdawe / PresentLight.json
Last active June 19, 2024 02:33
A light theme for Windows Terminal designed for the big screen!
{
"background": "#F9F9F9",
"black": "#AB3D2C",
"blue": "#275FE4",
"brightBlack": "#C21458",
"brightBlue": "#0099E1",
"brightCyan": "#7B86BB",
"brightGreen": "#3D942E",
"brightPurple": "#CE33C0",
"brightRed": "#FF0308",
@sassdawe
sassdawe / ThrowStdOutErrors.ps1
Created November 15, 2022 10:22 — forked from JustinGrote/ThrowStdOutErrors.ps1
Catch only specific errors coming from native commands
filter ThrowStdOutErrors($messageFilter,[Parameter(ValueFromPipeline)]$obj) {
if ($obj -is [Management.Automation.ErrorRecord]) {
if ($obj -match $messageFilter) {
throw $obj
} else {
Write-Error $obj
return
}
}
$obj
@sassdawe
sassdawe / az.profile.ps1
Created July 4, 2022 15:21
Az.Resources helper
$PSDefaultParameterValues["Get-AzADUser:Select"] = @("DisplayName", "Id", "UserPrincipalName", "UserType", "AccountEnabled")
@sassdawe
sassdawe / Write-FunctionError.ps1
Created July 4, 2022 06:09 — forked from JustinGrote/Write-FunctionError.ps1
Write an Error within a function in a nice way that displays the context of the function rather than the "Write-Error" context
using namespace System.Management.Automation
using namespace Microsoft.PowerShell.Commands
function Write-FunctionError {
<#
.SYNOPSIS
Writes an error within the context of the containing CmdletBinding() function. Makes error displays prettier
.NOTES
ScriptStackTrace will still show Write-FunctionError, so it's not completely transparent. There's no way to "edit" or "replace" this stacktrace that I can find.
.EXAMPLE
function test {
@sassdawe
sassdawe / ms-msdt.MD
Created May 30, 2022 14:34 — forked from tothi/ms-msdt.MD
The MS-MSDT 0-day Office RCE Proof-of-Concept Payload Building Process

MS-MSDT 0-day Office RCE

MS Office docx files may contain external OLE Object references as HTML files. There is an HTML scheme "ms-msdt:" which invokes the msdt diagnostic tool, which is capable of executing arbitrary code (specified in parameters).

The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).

Here are the steps to build a Proof-of-Concept docx:

  1. Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.
@sassdawe
sassdawe / Update-FunctionsFromModule.ps1
Created May 24, 2022 17:40
Turn a monolithic PowerShell module into multiple files for easier editing
$module = "module name"
$folder = "destination folder"
(((Get-Module $module).ExportedFunctions).Values.GetEnumerator()) | Foreach-Object {
"function $($_.Name) { `n $($_.definition)`n}" > "$folder\function-$($_.name).ps1"
}
@sassdawe
sassdawe / Trace-AICommand.ps1
Created May 23, 2022 12:00 — forked from JustinGrote/Trace-AICommand.ps1
Report the results and performance of any scriptblock to Azure Application Insights
#requires -version 7
#You can load this script with $(iwr https://tinyurl.com/TraceAICommand | iex)
using namespace Microsoft.ApplicationInsights
using namespace Microsoft.ApplicationInsights.Extensibility
using namespace Microsoft.ApplicationInsights.DataContracts
using namespace System.Management.Automation
using namespace System.Collections.Generic
using namespace System.Net
#Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/app/console