Jackbennett

/**
Moves github header to the top right. mouseover to see the search.

1. Install the Stylish(https://chrome.google.com/webstore/detail/stylish/fjnbnpbmkenffdnngjfgmeleoegfcffe?hl=en) extension for Chrome.
2. Open up extension options and paste the whole CSS mentioned below.
3. Specify the domain name to be `github.com`.
4. Add a title and save.
*/

.header[role="banner"] {

Jackbennett

$ get-date -OutVariable sd "6/2/2017 03:58"

06 February 2017 03:58:00

$ $sd | gm


   TypeName: System.DateTime

Name                 MemberType     Definition

Jackbennett

#Remove-MailQueueObjects.ps1
Param(
    $Path = "D:\tst",
    $pattern = "TextString",
    $filter = "*.eml"
}

Get-ChildItem -Recurse -Path $Path -File -Filter $filter |
    where {
        get-content $psitem.fullname -ReadCount 0 |

Jackbennett

# By adding a credential parameter to my function I broke it and couldn't spot the fault for 10 mintues
# Rookie Mistake. Beware poor try/catch use.
try {
    # Grab the events from a remote computer
    $EventLog = Get-WinEvent -ComputerName $ComputerName -FilterHashtable -Credential:$Credential @{
                    Logname = 'Security';
                    Id = 4624;
                    StartTime = $StartDay.toShortDateString();
                    EndTime = $StopDay.toShortDateString();
                } -ErrorAction Stop

Jackbennett

<LayoutModificationTemplate
    xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"
    xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout"
    xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout"
    xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout"
    Version="1">
  <LayoutOptions StartTileGroupCellWidth="6" />
  <DefaultLayoutOverride LayoutCustomizationRestrictionType="OnlySpecifiedGroups">
    <StartLayoutCollection>
      <defaultlayout:StartLayout GroupCellWidth="6" xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout">

Jackbennett

$EndTime = Get-WinEvent -ComputerName $ComputerName -FilterHashTable @{LogName = "Microsoft-Windows-AppLocker/EXE and DLL"; ID = 8001} -MaxEvents 1
Get-WinEvent -ComputerName $ComputerName -FilterHashTable @{LogName = "Microsoft-Windows-AppLocker/EXE and DLL"; EndTime = $EndTime.TimeCreated}
write-warning $EndTime.timecreated()

Jackbennett

$ 1..1000 | %{ measure-command { ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")}  }| sort -Descending -Property TotalMilliseconds | select -First 20 -Property TotalMilliseconds

TotalMilliseconds
-----------------
           9.2754
           0.9975
            0.195
            0.191
           0.1877
           0.1817

Jackbennett

# Get All PCs in Domain, Export to ServerList.txt
# Call get-inventory.ps1 logic on created Serverlist.txt
# dk / 22.09.2017
import-module activedirectory

$domain = "carpentier.local" 
$tempfile = "c:\temp\tmpfile.csv"
$outfile = "c:\temp\Serverlist.csv"
Get-ADComputer -Filter * |
select-object Name |

Jackbennett

Because typing is hard;

set other search engines in chrome

shortcut then space or tab to start

Shortcut	Action	URL
l	complete localhost port	localhost:%s/
js	Search prefix javascript	http://www.google.co.uk/search?sourceid=chrome&ie=UTF-8&q=javascript%20%s

Jackbennett

osquery.flags ->
--enroll_secret_path=c:\programdata\osquery\heroku.secret
--tls_server_certs=c:\programdata\osquery\demoapponherokuapp.com.pem
--tls_hostname=demoapponherokuapp.com
--host_identifier=hostname
--enroll_tls_endpoint=/api/v1/osquery/enroll
--config_plugin=tls
--config_tls_endpoint=/api/v1/osquery/config
--config_tls_refresh=10
--disable_distributed=false