| $methods = @('Get-AttckTool', 'Get-AttckTechnique', 'Get-AttckTactic', 'Get-AttckMitigation', 'Get-AttckMalware', 'Get-AttckActor') | |
| foreach ($method in $methods){ | |
| $properties = @('Name', 'Id') | |
| foreach ($prop in $properties){ | |
| ${"($method)NameScriptBlock"} = { | |
| param($commandName, $parameterName, $wordToComplete, $commandAst, $fakeBoundParameters) | |
| (& $method)."$prop".ForEach({ |
| import os | |
| import requests | |
| from bs4 import BeautifulSoup | |
| import time | |
| import re | |
| import io | |
| from zipfile import ZipFile | |
| EXTENSION_LIST = [ |
The MITRE ATT&CK JSON file is a flat JSON structure which is difficult to parse. To parse this JSON file, there are several different approaches but the type key is the, well, key!
The types within this JSON are the following (as well as the common wording used for this type):
The following content is generated using a preview release of Swimlane's pyattck.
This snippet of data is scoped to the following actor groups:
| <# | |
| .Synopsis | |
| Confirm if a date time format pattern is valid or not | |
| .DESCRIPTION | |
| Confirm if a date time format pattern is valid or not | |
| based on the current culture on the machine that this function | |
| is being ran on | |
| .EXAMPLE 1 |
| function Get-TargetedWinEvent { | |
| <# | |
| .SYNOPSIS | |
| Searches Windows logs for events related to specific Event IDs or EventData.Data values | |
| .DESCRIPTION | |
| Searches Windows logs for events related to specific Event IDs or EventData.Data values | |
| Supports searching offline/exported evt/evtx files as well as online machines | |
| .PARAMETER SearchTerm | |
| EventData.Data property value to search for |
| # Set your PowerShell execution policy | |
| Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force | |
| function Invoke-ComputerSetup { | |
| [CmdletBinding(DefaultParameterSetName='Parameter Set 1', | |
| SupportsShouldProcess=$true, | |
| PositionalBinding=$false, |
| <# | |
| .Synopsis | |
| A PowerShell function to expand IP Ranges with dashes | |
| .DESCRIPTION | |
| This function will take an array of IP address ranges and | |
| split them out into single IP addresses | |
| .EXAMPLE | |
| Expand-IPRange -Range '192.0.0.1-192.0.0.100','192.0.0.150-192.0.10.1' | |
| .EXAMPLE | |
| Expand-IPRange -Range '192.0.0.1-192.0.0.100','192.0.0.140','172.0.0.1-172.0.1.240' |
| function Write-WindowsLogo | |
| { | |
| [CmdletBinding()] | |
| [Alias()] | |
| Param() | |
| Write-Host -Object ("") | |
| Write-Host -Object ("") | |
| Write-Host -Object (" ,.=:^!^!t3Z3z., ") -ForegroundColor Red | |
| Write-Host -Object (" :tt:::tt333EE3 ") -ForegroundColor Red |
| <# | |
| .Synopsis | |
| Rough PS functions to create new user profiles | |
| .DESCRIPTION | |
| Call the Create-NewProfile function directly to create a new profile | |
| .EXAMPLE | |
| Create-NewProfile -Username 'testUser1' -Password 'testUser1' | |
| .NOTES | |
| Created by: Josh Rickard (@MS_dministrator) | |
| Date: 24MAR2017 |
