Jordan Borean jborean93
jborean93
/ Get-SMBIOSData.ps1
Last active
December 11, 2022 22:47
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Add-Type -TypeDefinition @' | |
| using System; | |
| using System.ComponentModel; | |
| using System.Runtime.InteropServices; | |
| namespace SMBIOS | |
| { | |
| public enum FirmwareProvider : uint | |
| { | |
| ACPI = 0x41435049, |
jborean93
/ macOS-CommandLine.ps1
Created
December 2, 2022 07:16
Get the Command Line of a process on macOS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Add-Type -CompilerOptions '/unsafe' -TypeDefinition @' | |
| using System; | |
| using System.Runtime.InteropServices; | |
| using System.Text; | |
| namespace macOS | |
| { | |
| public static class Native | |
| { | |
| [DllImport("libc", SetLastError = true)] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright: (c) 2022, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| Function Copy-ToFtp { | |
| [CmdletBinding()] | |
| param ( | |
| [Parameter(Mandatory = $true)] | |
| [System.String] | |
| $Path, |
jborean93
/ Get-TlsCipherSuite.ps1
Created
November 3, 2022 02:38
Basic replacement for Get-TlsCipherSuite for older OS versions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Get-TlsCipherSuite { | |
| <# | |
| .DESCRIPTION | |
| Get a list of enabled TLS cipher suites for the server. | |
| This is like the Get-TlsCipherSuite cmdlet but works on older Windows | |
| versions. | |
| #> | |
| [OutputType([string])] | |
| param () |
jborean93
/ Remove-FileEntry.ps1
Last active
July 1, 2023 21:03
Removes a file/dir using direct Win32 calls
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Add-Type -TypeDefinition @' | |
| using System; | |
| using System.Collections.Generic; | |
| using System.ComponentModel; | |
| using System.IO; | |
| using System.Runtime.InteropServices; | |
| namespace Kernel32 | |
| { | |
| public enum FileInfoLevel |
jborean93
/ tls-keylogger.ps1
Last active
February 11, 2025 23:09
Logs Wireshark compatible TLS keys like the SSLKEYLOGFILE env var
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -Module PSDetour | |
| [CmdletBinding()] | |
| param ( | |
| [Parameter(Mandatory)] | |
| [string] | |
| $LogPath | |
| ) | |
| $LogPath = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($LogPath) |
jborean93
/ Get-SMBApplicationKey.ps1
Last active
October 12, 2022 19:44
Gets the SMB2 Application Key from a Logon Session
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright: (c) 2022, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| <# Example Code to Run on the Server | |
| $pipeServer = [System.IO.Pipes.NamedPipeServerStream]::new("jordan-test", [System.IO.Pipes.PipeDirection]::InOut) | |
| $pipeServer.WaitForConnection() | |
| try { | |
| $tokenStat = Get-NamedPipeClientStatistics -Pipe $pipeServer | |
| $appKey = Get-SMBApplicationKey -LogonId $tokenStat.AuthenticationId | |
| [System.Convert]::ToBase64String($appKey.Applicationkey) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright: (c) 2022, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| Function Get-LogonSessionData { | |
| <# | |
| .SYNOPSIS | |
| Get LSA logon session data. | |
| .DESCRIPTION | |
| Get the logon session information for all or a specific logon session or specific process logon sessions. |
jborean93
/ Get-WTSSessionInfo.ps1
Last active
March 26, 2024 14:49
Tries to replicate qwinsta but return structured objects
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright: (c) 2022, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| Function Get-WTSSessionInfo { | |
| <# | |
| .SYNOPSIS | |
| Enumerates sessions on a Windows host. | |
| .DESCRIPTION | |
| Enumerates all the sessions available on a Windows host through the WTSEnumerateSessionsExW API. |
jborean93
/ Trace-TlsHandshake.ps1
Last active
December 7, 2023 14:49
Debug TLS Handshakes using .NET
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright: (c) 2022, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| Function Trace-TlsHandshake { | |
| <# | |
| .SYNOPSIS | |
| TLS Handshake Diagnostics. | |
| .DESCRIPTION | |
| Performs a TLS handshake and returns diagnostic information about that |