mbrownnycnyc
mbrownnycnyc
/ get-ipvoid.ps1
Created
November 8, 2015 16:09
scraping script for ipvoid... using straight substrings, not traversing the tree
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $postParams = @{ip='63.117.14.24'} | |
| $request = Invoke-WebRequest -Uri http://www.ipvoid.com -Method POST -Body $postParams -UseBasicParsing | |
| $innerxml = ($request.Content -split "<table class=`"table table-striped table-bordered`"") | |
| $results = $innerxml[2] -split "<tr>" | |
| #results[2] starts table | |
| #results[41] ends table (but also includes rest of the page) | |
| $i = 0 | |
| $IPVoidResults = "" | select Engine,Result |
mbrownnycnyc
/ disable-offlinefiles.ps1
Created
November 18, 2015 16:12
oneliner to disable offline files on a target machine
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ([wmiclass]"\\$computer\root\cimv2:win32_offlinefilescache").enable($false) |
mbrownnycnyc
/ windowsupdateclientreset.bat
Last active
November 20, 2015 15:43
Full windows update client reset, when all else fails.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rem https://support.microsoft.com/en-us/kb/971058?wa=wsignin1.0 | |
| net stop bits | |
| net stop wuauserv | |
| net stop appidsvc | |
| net stop cryptsvc | |
| del /f /q "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat" | |
| ren %systemroot%\SoftwareDistribution %systemroot%\SoftwareDistribution.bak | |
| ren %systemroot%\system32\catroot2 %systemroot%\catroot2.bak | |
| sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU) |
mbrownnycnyc
/ get-maillog_results.ps1
Last active
December 16, 2015 21:21
A (mostly not done) set of parsers for Ironport maillog files to extract some info. Purpose is to prove the usefulness of enabling SPF and RDNS protections.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --info-- | |
| RDNS lookups are performed and the results affect delivery is configured in the ironport by default (results can be reviewed in the maillog). | |
| The SPF checks: | |
| pra: primarily protects against phishing and new spam campaigns. | |
| mailfrom: primarily protects against spoofing. | |
| helo: not really that useful. | |
| The SPF check result meanings: |
mbrownnycnyc
/ networkloadbalancing-core-diagnostic.events.man
Last active
July 1, 2016 15:20
MSFT written, but unsupported Network load balancer Event Tracing for Windows (ETW) definition file. see https://blogs.msdn.microsoft.com/clustering/2010/01/06/networkloadbalancing-core-diagnostic-events-man/ and https://blogs.msdn.microsoft.com/clustering/2010/01/06/network-load-balancing-in-r2-using-etw-tracing/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version='1.0' encoding='utf-8' standalone='yes'?> | |
| <!-- http://blogs.msdn.com/b/clustering/archive/2010/01/07/9944942.aspx | |
| install with: wevtutil im networkloadbalancing-core-diagnostic.events.man | |
| uninstall with: wevtutil im networkloadbalancing-core-diagnostic.events.man | |
| view stats: wevtutil gli Microsoft-Windows-NLB/Diagnostic | |
| to start: wevtutil sl Microsoft-Windows-NLB/Diagnostic /e:true /q | |
| to stop: wevtutil sl Microsoft-Windows-NLB/Diagnostic /e:false /q | |
| view events as a text file first stop the provider and then use: wevtutil qe Microsoft-Windows-NLB/Diagnostic /f:text > events.txt | |
| --> |
mbrownnycnyc
/ ssrs-readyrefresh.ps1
Created
December 14, 2015 17:11
SSRS warmer-upper... inspired by http://www.pawlowski.cz/2011/07/solving-issue-long-starting-report-ssrs-2008/#comment-307
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #schtasks /create /tn "SSRS Recycle" /ru UserName /rl highest /np /sc daily /sd 08/01/2011 /st 02:00 /tr "powershell.exe -noprofile -executionpolicy RemoteSigned -file c:scriptsSSRSRecycle.ps1" | |
| #http://www.pawlowski.cz/2011/07/solving-issue-long-starting-report-ssrs-2008/#comment-307 | |
| $wc = new-Object System.Net.WebClient | |
| $httpRequest = [System.Net.HttpWebRequest]::Create("http://localhost/Reports/Pages/Folder.aspx") | |
| $httpRequest.Credentials =[System.Net.CredentialCache]::DefaultCredentials | |
| $httpRequest.UnsafeAuthenticatedConnectionSharing = "true" | |
| $httpRequest.Method = "GET" | |
| # https://msdn.microsoft.com/en-us/library/system.net.httpwebrequest.timeout%28v=vs.110%29.aspx | |
| #set timeout to 10 mins | |
| $httpRequest.Timeout = 600000 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .Synopsis | |
| http://community.netapp.com/t5/Microsoft-Cloud-and-Virtualization-Discussions/SnapMirror-log-parser/td-p/43703 | |
| Produce a CSV file from a specified controller snapmirror.log | |
| .Description | |
| Produce a CSV file from a specified controller snapmirror.log | |
| .Parameter Controller | |
| Storage controller which to retrieve logs from, either provide this parameter or the UseLocalLogFile parameter | |
| .Parameter Out | |
| Optional output file name. If not specified, output file will be in current folder |
mbrownnycnyc
/ moloch-elasticsearch.conf
Last active
March 4, 2016 21:40
moloch upstart script for ElasticSearch from Google Groups post https://groups.google.com/forum/#!topic/moloch-fpc/ImhLjuN7RkM
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| description "Upstart configuration for ElasticSearch" | |
| #copy /etc/init/moloch-elasticsearch.conf | |
| # When to start the service | |
| start on started network | |
| # When to stop the service | |
| stop on runlevel [016] | |
| # Automatically restart the process if crashed |
mbrownnycnyc
/ moloch-capture.conf
Created
March 4, 2016 21:26
moloch upstart script for moloch node.js capture process from Google Groups post https://groups.google.com/forum/#!topic/moloch-fpc/ImhLjuN7RkM
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| description "Upstart configuration for Capture" | |
| #copy to /etc/init/moloch-capture.conf | |
| # When to start the service | |
| start on (started network and started moloch-elasticsearch) | |
| # When to stop the service | |
| stop on stopping moloch-elasticsearch | |
| # Automatically restart the process if crashed |