Skip to content

Instantly share code, notes, and snippets.

View BertMueller18's full-sized avatar

Bert Mueller BertMueller18

23 followers · 67 following
  • Leipzig, Germany
View GitHub Profile
@avoidik
avoidik / check_vulnerabledrivers.ps1
Created May 21, 2023 13:39 — forked from api0cradle/check_vulnerabledrivers.ps1
A quick script to check for vulnerable drivers. Compares drivers on system with list from loldrivers.io
# Simple script to check drivers in C:\windows\system32\drivers against the loldrivers list
# Author: Oddvar Moe - @oddvar.moe
$drivers = get-childitem -Path c:\windows\system32\drivers
$web_client = new-object system.net.webclient
$loldrivers = $web_client.DownloadString(" https://www.loldrivers.io/api/drivers.json") | ConvertFrom-Json
Write-output("Checking {0} drivers in C:\windows\system32\drivers against loldrivers.io json file" -f $drivers.Count)
foreach ($lol in $loldrivers.KnownVulnerableSamples)
{
@IISResetMe
IISResetMe / Scan-LOLDrivers.ps1
Created May 19, 2023 17:08 — forked from MHaggis/Scan-LOLDrivers.ps1
it works - but use with caution :) it's a bit noisy and I think it's broken
function Scan-LOLDrivers {
param(
[Parameter(Mandatory = $true)]
[string]$path
)
Add-Type -TypeDefinition @"
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
@api0cradle
api0cradle / check_vulnerabledrivers.ps1
Last active March 9, 2026 11:00
A quick script to check for vulnerable drivers. Compares drivers on system with list from loldrivers.io
# Simple script to check drivers in C:\windows\system32\drivers against the loldrivers list
# Author: Oddvar Moe - @oddvar.moe
$drivers = get-childitem -Path c:\windows\system32\drivers
$web_client = new-object system.net.webclient
$jsonString = $web_client.DownloadString("https://www.loldrivers.io/api/drivers.json")
$jsonString = $jsonString -replace '"INIT"','"init"'
$loldrivers = $jsonString | ConvertFrom-Json
Write-output("Checking {0} drivers in C:\windows\system32\drivers against loldrivers.io json file" -f $drivers.Count)
@avoidik
avoidik / README.md
Last active July 8, 2024 19:54
Configure git, pass, docker and twine to use gpg

Install required tools first

$ # ubuntu
$ sudo apt-get install -y git gnupg pass pinentry-curses
$ # macos
$ brew install git gnupg2 docker-credential-helper pass pinentry-mac

There is no PPA for docker-credential-helper on Ubuntu, so install that directly

@nasbench
nasbench / pwsh_dirty_words.yml
Last active December 1, 2025 01:17
List of suspicious strings used by PowerShell `SuspiciousContentChecker` function
# Source: System.Management.Automation.dll
# This list is used to determin if a ScriptBlock contains potential suspicious content
# If a match is found an automatic 4104 with a "warning" level is generated.
# https://github.com/PowerShell/PowerShell/blob/master/src/System.Management.Automation/engine/runtime/CompiledScriptBlock.cs
- "Add-Type"
- "AddSecurityPackage"
- "AdjustTokenPrivileges"
- "AllocHGlobal"
- "BindingFlags"
- "Bypass"
@kevinblumenfeld
kevinblumenfeld / Set-StandardMember.ps1
Created March 1, 2023 02:34 — forked from santisq/Set-StandardMember.ps1
sets PSStandardMember for all input objects
using namespace System.Management.Automation
function Set-StandardMember {
[CmdletBinding()]
param(
[parameter(Mandatory, ValueFromPipeline)]
[object] $InputObject,
[parameter(Mandatory)]
[string[]] $DefaultProperties
@b4cktr4ck2
b4cktr4ck2 / esc1.ps1
Created February 22, 2023 21:50
PowerShell script to exploit ESC1/retrieve your own NTLM password hash.
#Thank you @NotMedic for troubleshooting/validating stuff!
$password = Read-Host -Prompt "Enter Password"
#^^ Feel free to hardcode this for running in a beacon/not retyping it all the time!
$server = "admin" #This will just decide the name of the cert request files that are created. I didn't want to change the var name so it's server for now.
$CERTPATH = "C:\Users\lowpriv\Desktop\" #Where do you want the cert requests to be stored?
$CAFQDN = "dc01.alexlab.local" #hostname of underlying CA box.
$CASERVER = "alexlab-dc01-ca" #CA name.
$CA = $CAFQDN + "\" + $CASERVER
@FriedrichWeinmann
FriedrichWeinmann / GpoBackupImport.ps1
Created February 14, 2023 09:51
function Get-GpoBackupName {
[CmdletBinding()]
param (
[Parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
[Alias('FullName')]
[string]
$Path
)
process {
foreach ($folder in $Path) {
@deadlydog
deadlydog / PowerShellUtilities.psm1
Last active November 4, 2024 07:43
Powershell Invoke-ScriptBlockWithRetries function to execute arbitrary PowerShell code and automatically retry if an error occurs
function Invoke-ScriptBlockWithRetries {
[CmdletBinding(DefaultParameterSetName = 'RetryNonTerminatingErrors')]
param (
[Parameter(Mandatory = $true, HelpMessage = "The script block to execute.")]
[ValidateNotNull()]
[scriptblock] $ScriptBlock,
[Parameter(Mandatory = $false, HelpMessage = "The maximum number of times to attempt the script block when it returns an error.")]
[ValidateRange(1, [int]::MaxValue)]
[int] $MaxNumberOfAttempts = 5,
@halr9000
halr9000 / Get-NvidiaGpu.ps1
Created December 24, 2022 02:52
Query NVIDIA-SMI for select properties and output them to the screen
try {
$output = nvidia-smi.exe -q -x
}
catch {
<#Do this if a terminating exception happens#>
throw "NVIDIA System Management Interface (nvidia-smi.exe) is not found. Learn more at https://developer.nvidia.com/nvidia-system-management-interface"
}
$xml = [xml]$output
$log = $xml.nvidia_smi_log