Carlos Perez darkoperator
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-PsgProcess { | |
| <# | |
| .SYNOPSIS | |
| Query the CIM Object database for a list of processes on a target host. | |
| .DESCRIPTION | |
| Query the CIM Object database for a list of processes on a target host. The function allows for | |
| filtering so as to better target the desired processes. | |
| .EXAMPLE | |
| PS C:\> Get-PsgProcess -CimSession (Get-CimSession -Id 2) -ExecutablePath "C:\\User" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0"?> | |
| <command> | |
| <a> | |
| <command>Get-Process</command> | |
| </a> | |
| </command> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function RunCalc() { | |
| var shell = WScript.CreateObject("WScript.Shell"); | |
| shell.Run("calc.exe"); | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var shell = WScript.CreateObject("WScript.Shell"); | |
| shell.Run("calc.exe"); |
darkoperator
/ Invoke-VyOSCommand.ps1
Created
June 23, 2017 11:12
Function for Interacting with VyOS using Posh-SSH
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .Synopsis | |
| Execute commands against VyOS. | |
| .DESCRIPTION | |
| Execute commands against VyOS using a SSHShellStream. | |
| #> | |
| function Invoke-VyOSCommand | |
| { | |
| [CmdletBinding()] | |
| [Alias()] |
darkoperator
/ Get-WinEventBaseXPathFilter.ps1
Created
August 12, 2016 23:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .Synopsis | |
| Generate xpath filters for fields on a specified Event Log Entry. | |
| .DESCRIPTION | |
| Parses Event Log Entries to make usable Windows Event log | |
| filtering xpath for Windows Event Filters and Windows Eventlog Forwarding | |
| .EXAMPLE | |
| PS C:\> Get-WinEventBaseXPathFilter -EventId 4624 -LogName security |
darkoperator
/ dangeconfig.xml
Created
July 30, 2016 02:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Sysmon schemaversion="2.10"> | |
| <HashAlgorithms>*</HashAlgorithms> | |
| <CheckRevocation></CheckRevocation> | |
| <EventFiltering> | |
| <ImageLoad onmatch="include"> | |
| <ImageLoaded condition="contains">System.Management.Automation.ni.dll</ImageLoaded> | |
| <ImageLoaded condition="contains">System.Management.Automation.dll</ImageLoaded> | |
| </ImageLoad> | |
| <ImageLoad onmatch="exclude"> | |
| <Image condition="is">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Image> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Html> | |
| <Head> | |
| <Title>Support Information</Title> | |
| <HTA:Application | |
| Caption = Yes | |
| Border = Thick | |
| ShowInTaskBar = Yes | |
| SingleInstance = Yes | |
| MaximizeButton = No |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Embed a DLL so as to add the library necessary to perform DNS Queries. | |
| $EncodedCompressedFile = @' | |
| xL0HfBzFFT8+t3u3ezpJlk6y91Rs3xkwnLWybFmUc8GWAZseTC8GXGkGfCBBKLbAIZQALhgcijHNYNMhgMH0HgIhhC5AxCSQ3hNCQiiWf+/7pu1JMuT3//w+n79hdbtv+sybN2/ee/Nm/6OuEK4QIk7Pli1CPCrkv3bx7f+W0DMo+/ggsaHstRGPxvZ7bcQhJ57UmTuto3hCx5xTc/PmLFxYPCM397hcx5kLcyctzO1xwMG5U4vzj2uprExtp/KYMU2I/WKuaDvvj/vofH8lnBHlsaQQVztCVEhYy8P0nqOXZx1ZO7w7st5C2F+B1hD81t879NN+kRDV/L/9NT/8750NjjhcyHyvKBugkb9ydBX+7/5R/ZKRzyR97xX5bjnjuLPPoN8df6jahbY6/bKY3dLR2TGP3rluaHuKfq8tjdhO/7d0HHdKcZ7qrl+pvNb2i7db32pWPyzjoG6OSIgnt8TE7A1C6K4YSv0DnJiRk+P9bf/afrBH7vXvvbs83He3rmHZd148ouvUeTuuX/vn9tXrH/NXPDH8pZqGKZN3Gvl4256fbHNC0/3VH6869MV1N8/e8tCEc34/7Sfzrnrwxrpbe04/PplcuumVp098KFPc/8Lph15zUv77Fb/Z944J178xZt8/LTtu8sh7/j706Os/XjbnzmOPez299z1PuBcce87snjn31NeOjQlf1cXJf4/6q0nUjnXEIA0byUC3K0Y40yRESfxFEliaxwSVRxRWYWCegnV86IvTOL+EwS+nYfDgwXkaMC9fTn+aSsLcbwqL9wlzxVCqGv2fDkf1VsTENKDWMfTsS09Iz7P03ETPqfScT0+ank7Cay+VQ617B8VE+JLjLV5ADczkf+AIb3Qu5+iQe0IRxmIdOyXFaR1H0p/OemrfubmYDl/qNrTslhPqs3D |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $s1 = (gwmi -List Win32_ShadowCopy).Create("C:\", "ClientAccessible") | |
| $s2 = gwmi Win32_ShadowCopy | ? { $_.ID -eq $s1.ShadowID } | |
| $d = $s2.DeviceObject + "\" | |
| cmd /c mklink /d C:\scpy "$d" | |
| New-CIPolicy -Level RootCertificate -FilePath C:\BasePolicy.xml -ScanPath C:\scpy -UserPEs | |
| $s2.Delete() | |
| Remove-Item -Path C:\scpy -Force | |
| Set-RuleOption –option 3 –FilePath C:\BasePolicy.xml | |
| ConvertFrom-CIPolicy C:\BasePolicy.xml C:\BasePolicy.bin | |
| Move-Item C:\BasePolicy.bin c:\Windows\System32\CodeIntegrity\SIPolicy.p7b -force |
NewerOlder