https://x.com/DirectoryRanger/status/1824986857093861396
https://x.com/endi24/status/1824904248217215268
Jason Adsit jasonadsit
jasonadsit
/ ediscovery-filter-logic.ps1
Last active
May 9, 2025 18:24
Some code to cull files for eDiscovery 🤷♂️
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $PathsToInventory = 'D:\','E:\','F:\','H:\','I:\','J:\' | |
| <# | |
| It's assumed that the sources are drive letters. | |
| It's also assumed that all files have been copied to the same | |
| root directory under a folders corresponding to their drive letters. | |
| The culling should have been done first but here we are :-) | |
| This may need to be refactored if UNC paths are used. | |
| Set-Location/cd into the working directory before you begin. | |
| #> |
jasonadsit
/ Monday Morning InfoSec Twitter Curated Link Dump (2024-08-19).md
Last active
August 19, 2024 17:30
Monday Morning InfoSec Twitter Curated Link Dump (2024-08-19)
jasonadsit
/ GetAllUserDefaultBrowsers.ps1
Created
November 22, 2022 17:44
GetAllUserDefaultBrowsers.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS -ErrorAction SilentlyContinue 2>&1>$null | |
| Resolve-Path -Path HKU:\*\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice | ForEach-Object { | |
| $TheComputerName = $env:COMPUTERNAME | |
| $TheUserSID = $_.Path.Split('\')[1] | |
| $TheUserDefaultBrowser = $_ | Get-ItemPropertyValue -Name ProgId | |
| [pscustomobject][ordered]@{ | |
| ComputerName = $TheComputerName | |
| UserSID = $TheUserSID | |
| DefaultBrowser = $TheUserDefaultBrowser | |
| } |
These examples assume you're using my Get-TenablePluginOutput PowerShell function. You can load it from the web here:
$Content = Invoke-WebRequest -Uri https://gist.githubusercontent.com/jasonadsit/db19229634c788276419c5a4134a1b7e/raw/Get-TenablePluginOutput.ps1 | Select-Object -ExpandProperty Content
. ([scriptblock]::Create($Content))Also assumes you've already set your working directory to one with some .nessus files in it. ;-)
jasonadsit
/ enumerate-files-from-tenable-plugin-output.md
Last active
March 1, 2022 17:16
Enumerate Files from Tenable Plugin Output
These examples assume you're using my Get-TenablePluginOutput PowerShell function. You can load it from the web here:
$Content = Invoke-WebRequest -Uri https://gist.githubusercontent.com/jasonadsit/db19229634c788276419c5a4134a1b7e/raw/Get-TenablePluginOutput.ps1 | Select-Object -ExpandProperty Content
. ([scriptblock]::Create($Content))Also assumes you've already set your working directory to one with some .nessus files in it. ;-)
jasonadsit
/ cis-Win10-L1-benchmark-20h2-mapped-to-CSCv7.json
Created
June 22, 2021 21:01
cis-Win10-L1-benchmark-20h2-mapped-to-CSCv7.json
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [{"RecommendationNumber":"18.9.102.1.2","CISv7SubControl":"2.4"},{"RecommendationNumber":"18.9.16.4","CISv7SubControl":"2.6"},{"RecommendationNumber":"18.9.102.1.1","CISv7SubControl":"2.6"},{"RecommendationNumber":"18.8.22.1.2","CISv7SubControl":"2.7"},{"RecommendationNumber":"18.9.45.14","CISv7SubControl":"2.7"},{"RecommendationNumber":"18.8.4.1","CISv7SubControl":"3.4"},{"RecommendationNumber":"18.9.17.1","CISv7SubControl":"3.4"},{"RecommendationNumber":"18.9.102.2","CISv7SubControl":"3.4"},{"RecommendationNumber":"18.9.102.3","CISv7SubControl":"3.4"},{"RecommendationNumber":"18.9.102.4","CISv7SubControl":"3.4"},{"RecommendationNumber":"18.9.102.5","CISv7SubControl":"3.4"},{"RecommendationNumber":"18.9.102.1.3","CISv7SubControl":"3.4"},{"RecommendationNumber":"2.2.21","CISv7SubControl":"4.1"},{"RecommendationNumber":"2.2.22","CISv7SubControl":"4.1"},{"RecommendationNumber":"2.2.6","CISv7SubControl":"4.3"},{"RecommendationNumber":"18.3.1","CISv7SubControl":"4.3"},{"RecommendationNumber":"18.5.11.4","CISv7Sub |
jasonadsit
/ cis-Win10-L1-benchmark-20h2-mapped-to-CSCv7.csv
Created
June 22, 2021 20:46
cis-Win10-L1-benchmark-20h2-mapped-to-CSCv7.csv
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| RecommendationNumber | CISv7SubControl | |
|---|---|---|
| 18.9.102.1.2 | 2.4 | |
| 18.9.16.4 | 2.6 | |
| 18.9.102.1.1 | 2.6 | |
| 18.8.22.1.2 | 2.7 | |
| 18.9.45.14 | 2.7 | |
| 18.8.4.1 | 3.4 | |
| 18.9.17.1 | 3.4 | |
| 18.9.102.2 | 3.4 | |
| 18.9.102.3 | 3.4 |
jasonadsit
/ log-forwarding-with-etw.ps1
Created
June 9, 2021 14:21
— forked from ajpc500/log-forwarding-with-etw.ps1
Quick-and-dirty PowerShell script to install Sysmon (SwiftOnSecurity config), SilkService and Winlogbeat, and forward logs to HELK based on IP set in environment variable "HELK_IP" (see Line 233).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 | |
| $wc = New-Object System.Net.WebClient | |
| if (!(Test-Path "C:\Tools")) { | |
| New-Item -Path "C:\" -Name "Tools" -ItemType "directory" | |
| } | |
| # SYSMON | |
| # Download Sysmon | |
| $SysmonDirectory = "C:\Tools\Sysmon\" |
jasonadsit
/ TenablePluginTextParsing.ps1
Last active
February 23, 2022 16:22
TenablePluginTextParsing.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Get-TenablePluginOutput -PluginID $PluginID | ForEach-Object { | |
| $IpAddress = $_.IpAddress | |
| $NetBiosName = $_.NetBiosName | |
| $_.PluginOutput -split "`n`n" | Where-Object { $_ -cmatch '<Block matching regex>' } | ForEach-Object { | |
| $Lines = $_ -split "`n" | ForEach-Object { $_.Trim() } | |
| $EachOne = @{} | |
| $Lines | ForEach-Object { | |
| $Key = ($_ -split '\s:\s')[0].Trim() | |
| $Value = ($_ -split '\s:\s')[-1].Trim() | |
| $EachOne.Add($Key,$Value) |
NewerOlder