Conan ConanChiles
ConanChiles
/ Cert2TemplateName.ps1
Created
June 3, 2023 04:37
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Set-StrictMode -Version 'Latest' | |
| $ErrorActionPreference = 'Stop' | |
| $VerbosePreference = 'Continue' | |
| function fnCert2TemplateName { | |
| [CmdletBinding()] | |
| [OutputType([hashtable])] | |
| Param( | |
| [Parameter( Mandatory = $true )] |
ConanChiles
/ lolDrivers_FindMatches.ps1
Last active
June 29, 2023 14:26
search local system for known lolDrivers
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -Version 5.1 | |
| Set-StrictMode -Version 'latest' | |
| $ErrorActionPreference = 'stop' | |
| $DirPathDrivers = @( | |
| 'C:\WINDOWS\inf' | |
| 'C:\WINDOWS\System32\drivers' | |
| 'C:\WINDOWS\System32\DriverStore\FileRepository' | |
| ) |
ConanChiles
/ hashcat v6.2.6 benchmark Intel Arc A770M
Created
March 13, 2023 21:55
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| hashcat.exe -I | |
| hashcat (v6.2.6) starting in backend information mode | |
| OpenCL Info: | |
| ============ | |
| OpenCL Platform ID #1 | |
| Vendor..: Intel(R) Corporation | |
| Name....: Intel(R) OpenCL HD Graphics | |
| Version.: OpenCL 3.0 |
ConanChiles
/ ProcessStartInfo.ps1
Last active
March 2, 2023 00:50
PowerShell ProcessStartInfo stdout stderr
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Set-StrictMode -Version 'latest' | |
| $ErrorActionPreference = 'stop' | |
| $ProcessStartInfo = [System.Diagnostics.ProcessStartInfo]::new() | |
| $ProcessStartInfo.FileName = 'C:\Windows\System32\cmd.exe' | |
| $ProcessStartInfo.Arguments = '/c echo normal boring standard out && echo this is the error message 1>&2' | |
| $ProcessStartInfo.CreateNoWindow = $true | |
| $ProcessStartInfo.UseShellExecute = $false | |
| $ProcessStartInfo.RedirectStandardOutput = $true | |
| $ProcessStartInfo.RedirectStandardError = $true |
ConanChiles
/ CheckDisabledWinEventLogs.ps1
Last active
February 27, 2023 04:11
list disabled WinEventLogs, enable some
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -RunAsAdministrator | |
| Set-StrictMode -Version 'latest' | |
| $ErrorActionPreference = 'stop' | |
| <# | |
| there's some weirdness here | |
| running as Administrator and/or SYSTEM gets the same results | |
| but this seems to get most of the way there | |
| the remainder dont't show up in eventvwr.msc so guessing there's something special/weird about how they're setup, maybe security related | |
| #> |
ConanChiles
/ ExchangeCluster Maintenance.ps1
Created
October 3, 2022 10:04
janky begins of a script for Exchange cluster maintenance
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://docs.microsoft.com/en-us/exchange/managing-database-availability-groups-exchange-2013-help | |
| # !! *** this isn't a "script" you can just run *** !! | |
| # more something to be ran manually in stages, with a human reading checking output before progressing | |
| # assumes each DAG has 2 members, will need to tweak for >2 members | |
| $ErrorActionPreference = 'stop' | |
| Set-StrictMode -Version 'latest' | |
| Add-PSSnapin -Name 'Microsoft.Exchange.Management.PowerShell.SnapIn' |
ConanChiles
/ ProxyNotShell_exchangePowerShell_BlockNonAdmins.ps1
Last active
October 26, 2022 12:39
ProxyNotShell - disable Exchange PowerShell access for all users, excluding Exchange admins (derived from Exchange roles)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# block non-Exchange admins from PowerShell access in Exchange | |
| ProxyNotShell | |
| CVE-2022-41040 | |
| CVE-2022-41082f | |
| some bypasses have been found for the IIS block rules. | |
| need to hard block PowerShell for those that don't **need** it. | |
| Exchange allows PowerShell by default, block by exception. Not ideal, but workable. |