
Lionel Hutz whiskysec

@skochinsky
skochinsky / guids.txt
Created July 4, 2016 16:27
UEFI file/section GUIDs collection
; AMI
; NOTE(review): "AMI" presumably names the firmware vendor these GUIDs were collected from - confirm.
[GUID_FILE]
; Each entry below has the form <GUID>=<name>.
; Hex digits are mixed-case (e.g. 407d, 44d1), so compare GUIDs case-insensitively when matching.
; A GUID match only labels a module; it says nothing about the module's contents,
; so verify by hash when the identification matters.
; ACPI tables
16D0A23E-C09C-407d-A14A-AD058FDD0CA1=ACPI
11D8AC35-FB8A-44d1-8D09-0B5606D321B9=DSDT
95DFCAE5-BB28-4d6b-B1E2-3AF3A6BF434F=PTID
FB045DB2-598E-485A-BA30-5D7B1B1BD54D=AOAC
60AC3A8F-4D66-4CD4-895A-C3F06E6665EE=iFfsAcpiTables
5B232086-350A-42c7-A70E-3497B5765D85=OEMSSDT
299141BB-211A-48a5-92C0-6F9A0A3A006E=PPMACPI
@exp0se
exp0se / logparser.ps1
Created March 13, 2016 09:22
Logparser log parsing
# Log Parser 2.2 queries
########################
# Security log
########################
# Return every record with event ID 5038 from an exported Security.evtx in the
# current directory. 5038 is the code-integrity event logged when the image hash
# of a file is not valid.
# -stats:OFF is passed so the run statistics are left out of the output.
# NOTE(review): EventID is compared against the quoted literal '5038'; confirm
# that your Log Parser build accepts that form for this field.
$logParserExe = 'C:\Program Files (x86)\Log Parser 2.2\LogParser.exe'
$eventQuery = "SELECT * FROM 'Security.evtx' WHERE EventID = '5038'"
& $logParserExe -stats:OFF -i:EVT $eventQuery
@exp0se
exp0se / powershell_eventlog_parsing.ps1
Last active September 29, 2023 23:29
Powershell log parsing
# Security log
# ============
# 4624 - an account was successfully logged on
# 4625 - an account failed to log on
#
# List the distinct user names seen in 4624 events of an exported Security.evtx.
# Every record is read and then filtered in the pipeline, which is slow on large
# logs; Get-WinEvent also accepts -FilterXPath together with -Path if that
# becomes a problem.
# NOTE(review): the name is taken from the <Data> element at index 5, which for
# 4624 is presumably TargetUserName - a positional lookup depends on the event
# schema, so confirm it against a sample record.
Get-WinEvent -Path .\Security.evtx |
    Where-Object { $_.Id -eq "4624" } |
    ForEach-Object { ([xml]$_.ToXml()).GetElementsByTagName("Data").ItemOf(5) } |
    Select-Object -ExpandProperty "#text" -Unique
# Get domains