Raimund Andrée [MSFT] raandree
🏠
raandree
/ Get-KerberosTickets.ps1
Created
February 15, 2022 10:53
Get all Kerberos tickets from all logon sessions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $sessions = klist sessions | |
| $pattern = '\[(\d+)\] Session \d \d:(?<LowPart>0)x(?<HighPart>[a-f0-9]+)' | |
| $sessions = foreach ($line in $sessions) | |
| { | |
| if ($line -match $pattern) | |
| { | |
| New-Object PSObject -Property @{ | |
| LowPart = $Matches.LowPart | |
| HighPart = $Matches.HighPart |
raandree
/ DsGetDcNameWin32Demo.ps1
Created
March 11, 2023 16:41
This script shows how to use a Win32 function (GetDcName) from PowerShell.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $code = @' | |
| using System; | |
| using System.Collections.Generic; | |
| using System.ComponentModel; | |
| using System.Linq; | |
| using System.Runtime.InteropServices; | |
| using System.Text; | |
| using System.Threading.Tasks; | |
| namespace Test |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $t1 = [datetime]::Today.AddHours(4).ToString('s') | |
| $e = $null | |
| $FilterXML = @" | |
| <QueryList> | |
| <Query Id="0" Path="Security"> | |
| <Select Path="Security"> | |
| (*[EventData[ | |
| Data[@Name="TargetDomainName"] != "Window Manager" and | |
| Data[@Name="TargetDomainName"] != "Font Driver Host" and | |
| Data[@Name="TargetDomainName"] != "NT AUTHORITY" |
raandree
/ Register-ScheduledTask2.ps1
Created
January 13, 2025 18:39
This script registers a scheduled job to run the specified script on a schedule. It can register the job to run as local system or as the user who called this script.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Registers a scheduled job to run the specified script on a schedule. | |
| .DESCRIPTION | |
| This script registers a scheduled job to run the specified script on a schedule. It can register the | |
| job to run as local system or as the user who called this script. | |
| .PARAMETER At | |
| The time at which the job should be triggered. The format is 24 hours like 21:00. |
OlderNewer