Carlos Perez darkoperator
darkoperator
/ wp_irfuncs.ps1
Created
March 8, 2025 20:25
WordPress Plugin Version and Vuln Check Functions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-WordPressPlugin { | |
| <# | |
| .SYNOPSIS | |
| Extracts WordPress plugin names and versions from a given plugin directory. | |
| .DESCRIPTION | |
| This function scans a given WordPress plugin directory, detects installed plugins, | |
| and extracts their names and versions from `readme.txt` or PHP files. |
darkoperator
/ FindAdvAuditGPOs.ps1
Created
December 17, 2024 13:08
Enumeation of Advance Audit Settings
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Sample script for enumerating all GPOs in a domain that set Advanced Auditing Settings and pulls the settings from SYSVOL | |
| # carlos_perez[at]darkoperator.com | |
| # Get domain information | |
| $domain = [adsi]'' | |
| # Convert DN to FQDN (e.g., "DC=contoso,DC=com" -> "contoso.com") | |
| $domainFQDN = $domain.distinguishedName[0].Split(',') | | |
| Where-Object { $_ -like "DC=*" } | | |
| ForEach-Object { $_.Substring(3) } | | |
| Join-String -Separator '.' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-PsgProcess { | |
| <# | |
| .SYNOPSIS | |
| Query the CIM Object database for a list of processes on a target host. | |
| .DESCRIPTION | |
| Query the CIM Object database for a list of processes on a target host. The function allows for | |
| filtering so as to better target the desired processes. | |
| .EXAMPLE | |
| PS C:\> Get-PsgProcess -CimSession (Get-CimSession -Id 2) -ExecutablePath "C:\\User" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0"?> | |
| <command> | |
| <a> | |
| <command>Get-Process</command> | |
| </a> | |
| </command> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function RunCalc() { | |
| var shell = WScript.CreateObject("WScript.Shell"); | |
| shell.Run("calc.exe"); | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var shell = WScript.CreateObject("WScript.Shell"); | |
| shell.Run("calc.exe"); |
darkoperator
/ Invoke-VyOSCommand.ps1
Created
June 23, 2017 11:12
Function for Interacting with VyOS using Posh-SSH
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .Synopsis | |
| Execute commands against VyOS. | |
| .DESCRIPTION | |
| Execute commands against VyOS using a SSHShellStream. | |
| #> | |
| function Invoke-VyOSCommand | |
| { | |
| [CmdletBinding()] | |
| [Alias()] |
darkoperator
/ Get-WinEventBaseXPathFilter.ps1
Created
August 12, 2016 23:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .Synopsis | |
| Generate xpath filters for fields on a specified Event Log Entry. | |
| .DESCRIPTION | |
| Parses Event Log Entries to make usable Windows Event log | |
| filtering xpath for Windows Event Filters and Windows Eventlog Forwarding | |
| .EXAMPLE | |
| PS C:\> Get-WinEventBaseXPathFilter -EventId 4624 -LogName security |
darkoperator
/ dangeconfig.xml
Created
July 30, 2016 02:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Sysmon schemaversion="2.10"> | |
| <HashAlgorithms>*</HashAlgorithms> | |
| <CheckRevocation></CheckRevocation> | |
| <EventFiltering> | |
| <ImageLoad onmatch="include"> | |
| <ImageLoaded condition="contains">System.Management.Automation.ni.dll</ImageLoaded> | |
| <ImageLoaded condition="contains">System.Management.Automation.dll</ImageLoaded> | |
| </ImageLoad> | |
| <ImageLoad onmatch="exclude"> | |
| <Image condition="is">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Image> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Html> | |
| <Head> | |
| <Title>Support Information</Title> | |
| <HTA:Application | |
| Caption = Yes | |
| Border = Thick | |
| ShowInTaskBar = Yes | |
| SingleInstance = Yes | |
| MaximizeButton = No |
NewerOlder