zaneGittins · August 5, 2019 21:20
diff --git a/StompTime.ps1 b/StompTime.ps1
 # Author: (@ZGittins, https://github.com/zaneGittins)
 # Useful PowerShell cmdlet for penetration tests which involve maintaining persistence & lateral movement.
 # This script uses a reference file - Why? It is easy to flag a file as an anomoly if all the nanoseconds are zero'd out.
 function Set-StompedTime {
    [CmdletBinding()]
    param([Parameter(Mandatory=$true)][string]$TargetPath)
    $TargetFile = Get-Item $TargetPath
    $ParentDirectory = $Item.Parent
    $SiblingFiles = Get-Childitem $ParentDirectory
    $SiblingFiles = $SiblingFiles | Where-Object { $_ –ne $TargetFile }
    $ChosenSibling = Get-Random -InputObject $SiblingFiles
    $TargetFile.LastWriteTime = $ChosenSibling.LastWriteTime
    $TargetFile.LastAccessTime = $ChosenSibling.LastAccessTime
    $TargetFile.CreationTime = $ChosenSibling.CreationTime
 }
	# Author: (@ZGittins, https://github.com/zaneGittins)
	# Useful PowerShell cmdlet for penetration tests which involve maintaining persistence & lateral movement.
	# This script uses a reference file - Why? It is easy to flag a file as an anomoly if all the nanoseconds are zero'd out.
	function Set-StompedTime {
	[CmdletBinding()]
	param([Parameter(Mandatory=$true)][string]$TargetPath)
	$TargetFile = Get-Item $TargetPath
	$ParentDirectory = $Item.Parent
	$SiblingFiles = Get-Childitem $ParentDirectory
	$SiblingFiles = $SiblingFiles \| Where-Object { $_ –ne $TargetFile }
	$ChosenSibling = Get-Random -InputObject $SiblingFiles
	$TargetFile.LastWriteTime = $ChosenSibling.LastWriteTime
	$TargetFile.LastAccessTime = $ChosenSibling.LastAccessTime
	$TargetFile.CreationTime = $ChosenSibling.CreationTime
	}