Andrew xtrasimplicity
xtrasimplicity
/ gist:0513c55c98fa030184039b63dc304d30
Created
March 29, 2023 23:23
CVE-2023-23397 - Outlook Elevation of Privilege vulnerability
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Devices joined to a domain, which receive these via GPO | |
| netsh advfirewall firewall show rule name="Outbound SMB: Allow to LAN" type=dynamic >nul || netsh advfirewall firewall add rule name="Outbound SMB: Allow to LAN" protocol=TCP remoteip="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" remoteport=445 action=allow dir=out | |
| netsh advfirewall firewall show rule name="Outbound SMB: Block All" type=dynamic >nul || netsh advfirewall firewall add rule name="Outbound SMB: Block All" protocol=TCP remoteip=any remoteport=445 action=block dir=out | |
| netsh advfirewall set allprofiles state on | |
| netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound | |
| # Devices NOT joined to a domain, or which don't receive these via GPO | |
| netsh advfirewall firewall show rule name="Outbound SMB: Allow to LAN" >nul || netsh advfirewall firewall add rule name="Outbound SMB: Allow to LAN" protocol=TCP remoteip="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" remoteport=445 action=allow dir=out | |
| netsh advfirewall firewall show rule name="Ou |
xtrasimplicity
/ gist:88b9e4b8269ede9cce42b2224ba172f0
Last active
April 19, 2024 00:30
Action1 - Apps that are not updateable by Action1 (Data Source)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $action1supportedApps = @("1Password", | |
| "7-Zip", | |
| "Adobe Acrobat Reader DC", | |
| "Adobe Acrobat Reader DC MUI", | |
| "Adobe AIR", | |
| "Adobe Animate 2023", | |
| "Adobe Animate 2024", | |
| "Adobe Audition 2023", | |
| "Adobe Audition 2024", | |
| "Adobe Bridge 2023", |
xtrasimplicity
/ data_source.ps1
Created
April 23, 2024 00:57
Action1 - Installed Web Browser Extensions (Data Source)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Find all user profiles | |
| $users = Get-ChildItem C:\Users -Directory -Exclude '*Public*', '*Default*' | |
| function Get-Extension-Name-For-Edge($extensionId) { | |
| $url = "https://microsoftedge.microsoft.com/addons/detail/$($extensionId)" | |
| $WebRequest = Invoke-WebRequest -Uri $url -ErrorAction Stop -UseBasicParsing | |
| if ($WebRequest.StatusCode -ne 200) { | |
| return "Unknown - $($extensionId)"; |
xtrasimplicity
/ gist:8387a4178100375910fd031130a53657
Last active
May 21, 2024 05:46
Carbon Black Cloud Sensor - Agent removal
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ErrorActionPreference = "Stop" # This prevents the registry key from being removed if it couldn't be backed up. | |
| $name = "Carbon Black Cloud Sensor" | |
| $cbProducts = Get-ChildItem "Registry::HKEY_CLASSES_ROOT\Installer\Products" | Where { $_.GetValue('ProductName') -imatch $name } | |
| $regBackups = New-Object System.Collections.ArrayList | |
| function Base64-Encode($file) { | |
| $fileContent = Get-Content -Path $file -Raw | |
| [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($fileContent)); | |
| } |
OlderNewer