daniel0x00

function ConvertTo-DotNotation {
    # PowerShell cmdlet that converts a PowerShell/JSON object into a dot.notation array.
    # For Splunk use cases, this cmdlet enables data to be TERM() and PREFIX() ready.

    # Author:   Daniel Ferreira (@daniel0x00)
    # License:  BSD 3-Clause
    # Source:   https://gist.github.com/daniel0x00/15f8871f2c0aca803e7f60ae0a1f42c1
    # Note:     any improvement opportunity to make this function "a 1-liner" producing same results is very welcomed.
    
    # TODO: Support for Dictionary object.

daniel0x00

## 
# Convert .xlsb to .csv - PowerShell function. 
##
## USAGE:
# Open Windows PowerShell, change your paths on below one liner and paste it in Windows PowerShell:
# Set-ExecutionPolicy Bypass -Scope Process -Force; $username = $env:username; . "C:\Users\$username\Documents\ConvertFrom-XLSB.ps1"; Get-ChildItem "C:\Users\$username\Desktop\*xlsb' | Sort-Object LastWriteTime -Descending | Select-Object -First 1 -ExpandProperty Fullname | ConvertFrom-XLSB -OutputPath 'C:\Users\$username\Desktop\'
##

function ConvertFrom-XLSB {
    param(    

daniel0x00

using namespace System.Net
param($Request, $TriggerMetadata)

###
# PowerShell serverless Function that receives a HTTP POST payload and converts it to a Splunk HEC grouped payload, optionally adding selected DotNotation properties. 
###
# Author:   Daniel Ferreira (@daniel0x00)
# License:  BSD 3-Clause
# Source:   https://gist.github.com/daniel0x00/47523a08bdd658528e4639a3da838e7e
###

daniel0x00

using namespace System.Net

# Input bindings are passed in via param block.
param($Request, $TriggerMetadata)

# Author: Daniel Ferreira (@daniel0x00)  
# License: BSD 3-Clause

# Expected input POST Body schema:
# {

daniel0x00

function Optimize-IP {
    # Enriches an IP/Domain
    # Author: Daniel Ferreira (@daniel0x00)  
    # License: BSD 3-Clause
    # Dependencies:
    # PoshNmap by @JustinGrote (Invoke-Nmap), ConvertTo-ScanResult by @daniel0x00, Get-RemoteSSLCertificate by @daniel0x00

    <#

    .SYNOPSIS

daniel0x00

function ConvertTo-ScanResult {
    # Parse an output of PoshNmap by @JustinGrote
    # Author: Daniel Ferreira (@daniel0x00)  
    # License: BSD 3-Clause

    <#
    .SYNOPSIS
        Parse and improve the JSON output of PoshNmap. 

    .EXAMPLE

daniel0x00

function ConvertTo-SplunkHEC {
    # PowerShell cmdlet that receives an array and converts it to a Splunk HEC grouped payload. 
    
    # Author:   Daniel Ferreira (@daniel0x00)
    # License:  BSD 3-Clause
    # Source:   https://gist.github.com/daniel0x00/3b5107b206efc7418a3fbaa1f387fc44

    <#
    .SYNOPSIS
        Receives an array and outputs a Splunk HTTP Event Collector (HEC) valid grouped payload.

daniel0x00

function Process-AsyncRequest {
    # Receives a command-line payload to execute and when it finishes, sends a HTTP callback. 
    # Use-case: use with Azure Functions with connection to a Hybrid Connection. By installing this function on a server using HCM, 
    # we can pass code to the machines and get back JSON data at bulk.
    # Callback-URL can be a URL generated by Azure Logic Apps 'HTTP + Webhook' action.
    
    # Author: Daniel Ferreira (@daniel0x00)  
    # License: BSD 3-Clause

    <#

daniel0x00

function ConvertTo-DotNotation {
    # Converts a JSON object into a dot.notation array
    # Author: Daniel Ferreira (@daniel0x00)
    # License: BSD 3-Clause

    # TODO: Support for Dictionary object.
    # In the meantime, Dictionaries must be casted into PSCustomObject like this: [PSCustomObject][Hashtable]$object

    <#
    .SYNOPSIS

daniel0x00

# Author: Will Schroeder (@harmj0y)  
# License: BSD 3-Clause  
# Web: http://www.harmj0y.net/blog/
#
# Original project: https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon


function Get-NetLocalGroupMember {
<#