Skip to content

Instantly share code, notes, and snippets.

View sassdawe's full-sized avatar
💭
Playing PowerShell

David Sass sassdawe

💭
Playing PowerShell
View GitHub Profile
@sassdawe
sassdawe / function-mandatoryUserBoolParam.ps1
Created October 14, 2023 09:30
Mandatory user provided parameter in PowerShell
function mandatoryUserBoolParam {
param(
[Parameter(Mandatory=$true)]
[ValidateSet("true","false","1","0","yes","no","y","n")]
[string]$param
)
$boolParam = $false
switch ($param.ToLower()) {
"true" { $boolParam = $true }
@sassdawe
sassdawe / PresentLight.json
Last active December 15, 2025 14:02
A light theme for Windows Terminal designed for the big screen!
{
"background": "#F9F9F9",
"black": "#AB3D2C",
"blue": "#275FE4",
"brightBlack": "#C21458",
"brightBlue": "#0099E1",
"brightCyan": "#7B86BB",
"brightGreen": "#3D942E",
"brightPurple": "#CE33C0",
"brightRed": "#FF0308",
@sassdawe
sassdawe / ThrowStdOutErrors.ps1
Created November 15, 2022 10:22 — forked from JustinGrote/ThrowStdOutErrors.ps1
Catch only specific errors coming from native commands
filter ThrowStdOutErrors($messageFilter,[Parameter(ValueFromPipeline)]$obj) {
if ($obj -is [Management.Automation.ErrorRecord]) {
if ($obj -match $messageFilter) {
throw $obj
} else {
Write-Error $obj
return
}
}
$obj
@sassdawe
sassdawe / az.profile.ps1
Created July 4, 2022 15:21
Az.Resources helper
$PSDefaultParameterValues["Get-AzADUser:Select"] = @("DisplayName", "Id", "UserPrincipalName", "UserType", "AccountEnabled")
@sassdawe
sassdawe / Write-FunctionError.ps1
Created July 4, 2022 06:09 — forked from JustinGrote/Write-FunctionError.ps1
Write an Error within a function in a nice way that displays the context of the function rather than the "Write-Error" context
using namespace System.Management.Automation
using namespace Microsoft.PowerShell.Commands
function Write-FunctionError {
<#
.SYNOPSIS
Writes an error within the context of the containing CmdletBinding() function. Makes error displays prettier
.NOTES
ScriptStackTrace will still show Write-FunctionError, so its not completely transparent. There's no way to "edit" or "replace" this stacktrace that I can find.
.EXAMPLE
function test {
@sassdawe
sassdawe / ms-msdt.MD
Created May 30, 2022 14:34 — forked from tothi/ms-msdt.MD
The MS-MSDT 0-day Office RCE Proof-of-Concept Payload Building Process

MS-MSDT 0-day Office RCE

MS Office docx files may contain external OLE Object references as HTML files. There is an HTML sceme "ms-msdt:" which invokes the msdt diagnostic tool, what is capable of executing arbitrary code (specified in parameters).

The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).

Here are the steps to build a Proof-of-Concept docx:

  1. Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.
@sassdawe
sassdawe / Update-FunctionsFromModule.ps1
Created May 24, 2022 17:40
Turn a monolit PowerShell module into multiple files for easier editing
$module = "module name"
$folder = "destination folder"
(((Get-Module $module).ExportedFunctions).Values.GetEnumerator()) | Foreach-Object {
"function $($_.Name) { `n $($_.definition)`n}" > "$folder\function-$($_.name).ps1"
}
@sassdawe
sassdawe / Trace-AICommand.ps1
Created May 23, 2022 12:00 — forked from JustinGrote/Trace-AICommand.ps1
Report the results and performance of any scriptblock to Azure Application Insights
#requires -version 7
#You can load this script with $(iwr https://tinyurl.com/TraceAICommand | iex)
using namespace Microsoft.ApplicationInsights
using namespace Microsoft.ApplicationInsights.Extensibility
using namespace Microsoft.ApplicationInsights.DataContracts
using namespace System.Management.Automation
using namespace System.Collections.Generic
using namespace System.Net
#Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/app/console
@sassdawe
sassdawe / webcam.ps1
Created April 19, 2022 19:06 — forked from quantumcore/webcam.ps1
Powershell Script to Record Webcam and output the .AVI file to a base64 file.
# Taken from : https://github.com/EmpireProject/Empire/blob/master/lib/modules/powershell/collection/WebcamRecorder.py
function Start-WebcamRecorder
{
<#
.SYNOPSIS
This function utilizes the DirectX and DShowNET assemblies to record video from the host's webcam.
Author: Chris Ross (@xorrior)
License: BSD 3-Clause
.DESCRIPTION
This function will capture video output from the hosts webcamera. Note that if compression is available, there isn't
@sassdawe
sassdawe / Protect-FromMyself.ps1
Created March 18, 2022 22:06
Let's make PowerShell paranoid!
function Protect-FromMyself {
<#
.SYNOPSIS
Protect-FromMyself
.DESCRIPTION
Protect-FromMyself will turn on `-WhatIf` for all comdlets that support it. To help protect against accidental changes.
.NOTES
.LINK
#>
[CmdletBinding()]