Andrew xtrasimplicity

  • Melbourne, Australia
@xtrasimplicity
xtrasimplicity / data_source.ps1
Created May 24, 2024 05:15
Action1 - Directory Services Registration state - Parse the output of dsregcmd /status
$raw = dsregcmd /status
$result = New-Object -TypeName psobject
function Sanitise-For-Property-Name($str) {
return $str.Trim().Replace(" ", "_");
}
$sectionName = ""
foreach($line in $($raw -split "`r`n")) {
@xtrasimplicity
xtrasimplicity / gist:8387a4178100375910fd031130a53657
Last active May 21, 2024 05:46
Carbon Black Cloud Sensor - Agent removal
$ErrorActionPreference = "Stop" # This prevents the registry key from being removed if it couldn't be backed up.
$name = "Carbon Black Cloud Sensor"
$cbProducts = Get-ChildItem "Registry::HKEY_CLASSES_ROOT\Installer\Products" | Where { $_.GetValue('ProductName') -imatch $name }
$regBackups = New-Object System.Collections.ArrayList
function Base64-Encode($file) {
$fileContent = Get-Content -Path $file -Raw
[Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($fileContent));
}
@xtrasimplicity
xtrasimplicity / data_source.ps1
Created April 23, 2024 00:57
Action1 - Installed Web Browser Extensions (Data Source)
# Find all user profiles
$users = Get-ChildItem C:\Users -Directory -Exclude '*Public*', '*Default*'
function Get-Extension-Name-For-Edge($extensionId) {
$url = "https://microsoftedge.microsoft.com/addons/detail/$($extensionId)"
$WebRequest = Invoke-WebRequest -Uri $url -ErrorAction Stop -UseBasicParsing
if ($WebRequest.StatusCode -ne 200) {
return "Unknown - $($extensionId)";
@xtrasimplicity
xtrasimplicity / gist:88b9e4b8269ede9cce42b2224ba172f0
Last active April 19, 2024 00:30
Action1 - Apps that are not updateable by Action1 (Data Source)
$action1supportedApps = @("1Password",
"7-Zip",
"Adobe Acrobat Reader DC",
"Adobe Acrobat Reader DC MUI",
"Adobe AIR",
"Adobe Animate 2023",
"Adobe Animate 2024",
"Adobe Audition 2023",
"Adobe Audition 2024",
"Adobe Bridge 2023",
@xtrasimplicity
xtrasimplicity / gist:0513c55c98fa030184039b63dc304d30
Created March 29, 2023 23:23
CVE-2023-23397 - Outlook Elevation of Privilege vulnerability
# Devices joined to a domain, which receive these via GPO
netsh advfirewall firewall show rule name="Outbound SMB: Allow to LAN" type=dynamic >nul || netsh advfirewall firewall add rule name="Outbound SMB: Allow to LAN" protocol=TCP remoteip="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" remoteport=445 action=allow dir=out
netsh advfirewall firewall show rule name="Outbound SMB: Block All" type=dynamic >nul || netsh advfirewall firewall add rule name="Outbound SMB: Block All" protocol=TCP remoteip=any remoteport=445 action=block dir=out
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound
# Devices NOT joined to a domain, or which don't receive these via GPO
netsh advfirewall firewall show rule name="Outbound SMB: Allow to LAN" >nul || netsh advfirewall firewall add rule name="Outbound SMB: Allow to LAN" protocol=TCP remoteip="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" remoteport=445 action=allow dir=out
netsh advfirewall firewall show rule name="Ou
@xtrasimplicity
xtrasimplicity / script.ps1
Created August 19, 2020 03:04
PowerShell: Automatically remove Disabled users from an array of groups
# Define the groups to work with
$groups = @("My AD Group Name", "My other AD Group Name");
foreach($groupName in $groups) {
$members = Get-ADGroupMember -Identity $groupName | Where { $_.objectClass -eq "user" }
foreach($member in $members) {
$user = Get-ADUser -Identity $member.SamAccountName -Properties Enabled
if ($user.Enabled -eq $false) {
@xtrasimplicity
xtrasimplicity / dmesg.txt
Created February 12, 2020 03:51
dmesg output (filtered by evdi and drm) for https://github.com/DisplayLink/evdi/issues/186
[ 5619.089195] evdi: [V] copy_primary_pixels:164 copy rect 0,0-2560,1440
[ 5619.097472] [drm:drm_ioctl [drm]] pid=13097, dev=0xe202, auth=1, EVDI_REQUEST_UPDATE
[ 5619.097476] evdi: [V] evdi_painter_request_update_ioctl:883 Painter lock
[ 5619.097477] evdi: [V] evdi_painter_request_update_ioctl:896 Painter unlock
[ 5619.106633] [drm:evdi_map_dma_buf [evdi]] [DEV:0000:00:02.0] size:14745600 dir=0
[ 5619.107606] evdi: [V] evdi_painter_set_scanout_buffer:943 Painter lock
[ 5619.107608] evdi: [V] evdi_painter_set_scanout_buffer:948 Painter unlock
[ 5619.107624] evdi: [V] evdi_painter_mark_dirty:494 Painter lock
[ 5619.107626] evdi: [V] evdi_painter_mark_dirty:504 (dev=1) 0,0-2560,1440
[ 5619.107627] evdi: [V] evdi_painter_mark_dirty:519 Painter unlock
@xtrasimplicity
xtrasimplicity / Dockerfile
Last active January 8, 2022 01:25
Thinking Sphinx + Rails + Docker
FROM debian AS build
WORKDIR /tmp
RUN apt-get update && \
apt-get install --no-install-recommends -y curl && \
curl http://sphinxsearch.com/files/sphinx-3.2.1-f152e0b-linux-amd64.tar.gz -o sphinx.tar.gz && \
mkdir sphinx && \
tar xfz sphinx.tar.gz -C sphinx/ && \
rm sphinx.tar.gz && \
rm -rf /var/lib/apt/lists/*
@xtrasimplicity
xtrasimplicity / securepay_au_directpost_fingerprint_example.rb
Last active June 1, 2018 09:14
Generating a fingerprint for SecurePay Australia's DirectPost integration.
require 'openssl'
raw_fingerprint = [merchant_id, merchant_password, transaction_type, reference_id, amount, timestamp].join('|')
digest = OpenSSL::Digest.new('sha256')
fingerprint = OpenSSL::HMAC.hexdigest(digest, merchant_password, raw_fingerprint)
@xtrasimplicity
xtrasimplicity / papercut_os-x_automated_launchd_deployment.rb
Last active June 1, 2018 09:21
Automated Launchd plist file deployment for the PaperCut OS X client. (Automates https://www.papercut.com/kb/Main/MacClientStartupWithLaunchd)
#!/usr/bin/env ruby
require 'fileutils'
abort "You must run this command as root." unless Process.uid === 0
PLIST_FILE = 'com.papercut.client.plist'.freeze # The path to your com.papercut.client.plist file
PLIST_DESTINATION_PATH = '/Library/LaunchAgents/'.freeze
puts "Deploying launch configuration..."
puts "---> Copying plist file to #{PLIST_DESTINATION_PATH}..."