Fabian Bader f-bader
f-bader
/ GetTracelogProviderSecurity.ps1
Created
January 3, 2025 19:03
— forked from olafhartong/GetTracelogProviderSecurity.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### USAGE: | |
| ### | |
| ### GetTracelogProviderSecurity.ps1 (to get all provider info) | |
| ### | |
| ### GetTracelogProviderSecurity.ps1 -ProviderName f2e68291-2367-5d51-3488-46f7a0e3f2cf | |
| ### (to get the info for 1 provider guid) | |
| ## | |
| # | |
| # Provider: f2e68291-2367-5d51-3488-46f7a0e3f2cf | |
| # Control Flags: 45076 |
StartAutomating
/ EventBasedServer.ps1
Last active
April 9, 2025 22:42
Gist a small event-based HTTP server in PowerShell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $JobName = "http://localhost:$(Get-Random -Min 4200 -Max 42000)/" | |
| $httpListener = [Net.HttpListener]::new() | |
| $httpListener.Prefixes.Add($JobName) | |
| $httpListener.Start() | |
| Start-ThreadJob -ScriptBlock { | |
| param($MainRunspace, $httpListener, $SourceIdentifier = 'http') | |
| while ($httpListener.IsListening) { | |
| $contextAsync = $httpListener.GetContextAsync() | |
| while (-not ($contextAsync.IsCompleted -or $contextAsync.IsFaulted -or $contextAsync.IsCanceled)) {} |
JustinGrote
/ asimAuxiliaryTables.bicep
Last active
December 10, 2024 11:14
Create Auxiliary Table equivalents to ASIM and Common Log Sentinel Tables
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param workspaceName string | |
| param logRetentionDays int = 90 | |
| param tableNames array = [ | |
| 'ASimNetworkSessionLogs' | |
| 'ASimAuthenticationEventLogs' | |
| 'ASimWebSessionLogs' | |
| 'ASimAuditEventLogs' | |
| 'ASimDhcpEventLogs' | |
| 'ASimDnsActivityLogs' | |
| 'ASimFileEventLogs' |
JustinGrote
/ New-JAzDataCollectionRule.ps1
Last active
August 3, 2024 08:19
Create a Data Collection rule with embedded Ingestion DCRs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using namespace Microsoft.Azure.PowerShell.Cmdlets.Monitor.DataCollection.Models | |
| using namespace System.Management.Automation | |
| function New-JAzDataCollectionRule { | |
| <# | |
| .SYNOPSIS | |
| Create a new Data Collection Rule in Azure Monitor. Uses 2023 API for direct DCRs | |
| .NOTES | |
| The MS Documentation on this sucks but the reference has a good example which is how I figured it out: https://learn.microsoft.com/en-us/rest/api/monitor/data-collection-rules/create?view=rest-monitor-2023-03-11&tabs=HTTP#create-or-update-data-collection-rule-with-embedded-ingestion-endpoints | |
| #> |
azurekid
/ Get-Guid.ps1
Last active
November 5, 2024 11:33
PowerShell function to create a GUID from a string value
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Generates a GUID from a given string value using MD5 hashing. | |
| .PARAMETER Value | |
| The string value to generate a GUID from. | |
| .EXAMPLE | |
| Get-Guid -Value "example string" | |
| Returns a GUID generated from the string "example string". |
mgraeber-rc
/ ATPSiPolicy.xml
Created
September 12, 2023 15:15
Recovered Microsoft Defender for Endpoint WDAC policy that is dropped to %windir%\System32\CodeIntegrity\ATPSiPolicy.p7b when "Restrict App Execution" is enabled for a device.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0"?> | |
| <SiPolicy xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:schemas-microsoft-com:sipolicy"> | |
| <VersionEx>10.0.0.0</VersionEx> | |
| <PolicyTypeID>{4E61C68C-97F6-430B-9CD7-9B1004706770}</PolicyTypeID> | |
| <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID> | |
| <Rules> | |
| <Rule> | |
| <Option>Enabled:UMCI</Option> | |
| </Rule> | |
| <Rule> |
awakecoding
/ Get-AadJoinInformation.ps1
Created
August 8, 2023 14:21
Get Azure AD (Entra ID) Join Information without dsregcmd
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Add-Type -TypeDefinition @' | |
| using System; | |
| using System.Runtime.InteropServices; | |
| using System.Security.Cryptography.X509Certificates; | |
| public enum DSREG_JOIN_TYPE { | |
| DSREG_UNKNOWN_JOIN = 0, | |
| DSREG_DEVICE_JOIN = 1, | |
| DSREG_WORKPLACE_JOIN = 2 | |
| } |
sassdawe
/ PresentLight.json
Last active
April 15, 2025 12:20
A light theme for Windows Terminal designed for the big screen!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "background": "#F9F9F9", | |
| "black": "#AB3D2C", | |
| "blue": "#275FE4", | |
| "brightBlack": "#C21458", | |
| "brightBlue": "#0099E1", | |
| "brightCyan": "#7B86BB", | |
| "brightGreen": "#3D942E", | |
| "brightPurple": "#CE33C0", | |
| "brightRed": "#FF0308", |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Original script and research by commial | |
| ### https://github.com/commial/experiments/tree/master/windows-defender | |
| ### Set LUADec_Path to binary | |
| ### https://github.com/viruscamp/luadec | |
| import struct | |
| import argparse | |
| import sys | |
| import os | |
| import io | |
| import subprocess |
awakecoding
/ Get-RdpLogonEvent.ps1
Created
September 7, 2022 01:20
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-RdpLogonEvent | |
| { | |
| [CmdletBinding()] | |
| param( | |
| [Int32] $Last = 10 | |
| ) | |
| $RdpInteractiveLogons = Get-WinEvent -FilterHashtable @{ | |
| LogName='Security' | |
| ProviderName='Microsoft-Windows-Security-Auditing' |
NewerOlder