MSAdministrator

@ECHO OFF
REM **********************************************************************
REM     Name: SNAPSHOT.BAT 
REM  Version: 3.3
REM     Date: 2.Apr.2013
REM   Author: Jason Fossen (http://www.sans.org/windows-security/)
REM  Purpose: Dumps a vast amount of configuration data for the sake
REM           of auditing and forensics analysis.  Compare snapshot
REM           files created at different times to extract differences.
REM    Usage: Place the script into a directory where it is safe to

MSAdministrator

<#
.Synopsis
   Rough PS functions to create new user profiles
.DESCRIPTION
   Call the Create-NewProfile function directly to create a new profile
.EXAMPLE
   Create-NewProfile -Username 'testUser1' -Password 'testUser1'
.NOTES
   Created by: Josh Rickard (@MS_dministrator)
   Date: 24MAR2017

MSAdministrator

function Write-WindowsLogo
{
    [CmdletBinding()]
    [Alias()]
    Param()

    Write-Host -Object ("")
    Write-Host -Object ("")
    Write-Host -Object ("         ,.=:^!^!t3Z3z.,                  ") -ForegroundColor Red
    Write-Host -Object ("        :tt:::tt333EE3                    ") -ForegroundColor Red

MSAdministrator

<#
.Synopsis
   A PowerShell function to expand IP Ranges with dashes
.DESCRIPTION
   This function will take an array of IP address ranges and 
   split them out into single IP addresses
.EXAMPLE
   Expand-IPRange -Range '192.0.0.1-192.0.0.100','192.0.0.150-192.0.10.1'
.EXAMPLE
   Expand-IPRange -Range '192.0.0.1-192.0.0.100','192.0.0.140','172.0.0.1-172.0.1.240'

MSAdministrator

# Set your PowerShell execution policy
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force



function Invoke-ComputerSetup {
    [CmdletBinding(DefaultParameterSetName='Parameter Set 1',
                   SupportsShouldProcess=$true,
                   PositionalBinding=$false,

MSAdministrator

function Get-TargetedWinEvent {

    <#
    .SYNOPSIS
        Searches Windows logs for events related to specific Event IDs or EventData.Data values
    .DESCRIPTION
        Searches Windows logs for events related to specific Event IDs or EventData.Data values
        Supports searching offline/exported evt/evtx files as well as online machines
    .PARAMETER SearchTerm
        EventData.Data property value to search for

MSAdministrator

<#
.Synopsis
    Confirm if a date time format pattern is valid or not

.DESCRIPTION
    Confirm if a date time format pattern is valid or not
    based on the current culture on the machine that this function
    is being ran on

.EXAMPLE 1

MSAdministrator

Overview

The following content is generated using a preview release of Swimlane's pyattck.

This snippet of data is scoped to the following actor groups:

• APT33
• APT34
• APT39
• Charming Kitten

MSAdministrator

MITRE ATT&CK Data Format

The MITRE ATT&CK JSON file is a flat JSON structure which is difficult to parse. To parse this JSON file, there are several different approaches but the type key is the, well, key!

The types within this JSON are the following (as well as the common wording used for this type):

• attack-pattern (Techniques)
• relationship (This is a unique type that contains relationships between types)
• course-of-action (Mitigations)
• identity (unused)

MSAdministrator

import os
import requests
from bs4 import BeautifulSoup
import time
import re
import io
from zipfile import ZipFile


EXTENSION_LIST = [