maravedi
/ ExcelExtractUTCTime.txt
Created
January 17, 2019 16:44
Formulas to split up a UTC timestamp into date and time
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Say you have this timestamp: 2019-01-17T14:04:47.4927812 | |
| Say you want to split it up in Excel (you can't use a PowerShell ALL the time, right?), then here's what I figured out. | |
| Assumptions: | |
| The timestamp is in the first column, and has a header. For this example, it's in cell A2. | |
| To get the date: | |
| =LEFT(A2,10) |
maravedi
/ RemoveLinks.gs
Created
December 12, 2018 22:24
Remove Links From Google Doc Selected Text
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function myFunction() { | |
| var doc = DocumentApp.getActiveDocument(); | |
| var selection = doc.getSelection(); | |
| var ui = DocumentApp.getUi(); | |
| if (!selection) { | |
| ui.alert( "No current selection"); | |
| } | |
| else { | |
| var elements = selection.getSelectedElements(); | |
| for each(var element in elements) { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| This script takes either a specific date or a number of days, weeks, or months to determine how many and, optionally, which AD accounts were created since that point in time. | |
| .DESCRIPTION | |
| This script has two methods of calculating a date, and it depends on which parameters are used when running it. | |
| The first method is using a relative number of, days, weeks, or months. These can be combined as well. | |
| The second method is using a specific date. If this method is used, then any of the relative date parameters are ignored. | |
| .PARAMETER DaysBack |
maravedi
/ So-Allow.ps1
Created
September 28, 2018 13:20
PowerShell Script for Security Onion to Automate so-allow from an Analyst Workstation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| A PowerShell script to automate whitelisting a device on the master Security Onion server. | |
| .DESCRIPTION | |
| If your analyst workstation is constantly changing IPs, it might be a little annoying to SSH into the master Security Onion server every time to interactively whitelist your new IP. Here's a way to cut off a couple of the steps to achieve just that, using PowerShell and Plink.exe. Make sure to modify the parameters according to your environment and analyst workstation's network interface. | |
| .PARAMETER Servers | |
| Specify as many servers as you would like this whitelist command to be run on. However, if the usernames or passwords are different across the servers, then the command will fail to authenticate. | |
| .PARAMETER InterfaceAlias | |
| Specify the network interface to extract the IP address from. This is useful when you know the interfance is always the same, but the IP address is subject to change. | |
| .PARAMETER LocalIP |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # I had a usecase where I needed to serve up a tarball to be downloaded by clients over HTTP on a custom port. | |
| # Here's how I achieved it using Python3 and crontab | |
| # NOTE: If your server already allows port 80, then you don't even need to do this. Just put the file in the /var/www directory. | |
| # However, my server only allows ports 443 and 80 for specific hosts, so I came up with this solution as an alternative to having | |
| # to constantly update that whitelist, while maintaining the security of any of the web apps on the server. | |
| # NOTE: Make sure you allow the specified port to be accessible to any networks that may need it. | |
| # In this example, I'm using port 9655, so I allowed it using ufw like so: | |
| # sudo ufw allow from 192.168.0.0/16 to any port 9655 proto tcp |
maravedi
/ WindowsServicesNetworkScan.ps1
Created
September 20, 2018 16:10
PowerShell Oneliner to Scan Servers based on Windows Services
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This script relies on a CSV file created from a seperate oneliner here: https://gist.github.com/maravedi/ab9b8ae711fbe809016a76a73b7f8790 | |
| "Service,Protocol,Server,Address`n$(cat .\services_clean.txt | ConvertFrom-CSV | % { $Row = (nslookup -type=SRV _$($_.Service)_.$($_.Protocol).$($env:USERDNSDOMAIN) 2>$Null) -Split "\r"; $Server = $Row[0] -Split "\s+" | Select -Skip 1; $Address = $Row[1] -Split "\s+" | Select -Skip 1;"$($_.Service),$($_.Protocol),$(($Server).Trim()),$(($Address).Trim())`n"})" | Out-File servers.txt |
maravedi
/ WindowsServices.ps1
Created
September 20, 2018 15:41
PowerShell Onliner to Create a CSV of Windows Services and their IP Protocol
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "Service,Protocol`n$((cat C:\Windows\System32\drivers\etc\services) | % { If($_ -notlike "#*" -And $_) { $Row = $_ -Split '\s+' | Select -First 2 }; $Service = $Row | Select -first 1; $Protocol = ($Row | Select -Skip 1) -Split "/" | Select -Skip 1; "$Service,$Protocol`n" } | Select -Uniq | Sort)" | Out-File services_clean.txt |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter Average { | |
| Begin { | |
| $Average = $Null | |
| $Count = 0 | |
| } | |
| Process { | |
| $Average += $_ | |
| $Count++ | |
| } | |
| End{ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter Length { | |
| Return ([String]$_).Length | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter Count { | |
| Begin { $Count = 0 } | |
| Process { $Count++ } | |
| End { Return $Count } | |
| } |