Here is the general workflow over a PSRemoting session over SSH, for example spawned with Invoke-Command -HostName foo { 'test' }:
sequenceDiagram
box Client Machine
actor C as Pwsh Client
participant S1 as ssh client
end
Jordan Borean jborean93
jborean93
/ Get-LapsADUpdateTime.ps1
Last active
March 25, 2025 07:39
Gets the LAPS UpdateTime attribute for AD computer accounts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright: (c) 2025, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| Function Get-LapsADUpdateTime { | |
| <# | |
| .SYNOPSIS | |
| Gets the Windows LAPS Update Time. | |
| .DESCRIPTION | |
| Gets the Windows LAPS Update Time for the specified computer account. The output value is a DateTime object representing the update time as a UTC date time. |
jborean93
/ New-ScheduledTaskTrigger.ps1
Created
March 21, 2025 05:38
PowerShell script to create a state change, idle, or event trigger
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright: (c) 2025, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| Function New-CommonTaskTriggerProp { | |
| [OutputType([hashtable])] | |
| [CmdletBinding()] | |
| param ( | |
| [Parameter()] | |
| [switch] | |
| $Disable, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $k32 = New-CtypesLib Kernel32.dll | |
| $free = $total = $totalFree = [int64]0 | |
| $res = $k32.SetLastError().GetDiskFreeSpaceExW( | |
| $k32.MarshalAs('C:\', 'LPWStr'), | |
| [ref]$free, | |
| [ref]$total, | |
| [ref]$totalFree) | |
| if (-not $res) { | |
| throw [System.ComponentModel.Win32Exception]::new($k32.LastError) |
jborean93
/ PSRemoting-over-ssh.md
Created
December 12, 2024 00:53
Breakdown over what happens with PSRemoting over SSH
jborean93
/ PwshPipeServer.cs
Created
December 10, 2024 06:25
Code to run a PowerShell named pipe server as a Task
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Management.Automation.Remoting; | |
| using System.Reflection; | |
| using System.Threading; | |
| using System.Threading.Tasks; | |
| #nullable enable | |
| /* | |
| This code uses internal APIs of the PowerShell remoting system to create the |
jborean93
/ AuthenticodeEncoding.Tests.ps1
Last active
December 6, 2024 06:23
Pester tests for checking out how the PowerShell Authenticode SIP determines the file encoding for the signature
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -RunAsAdministrator | |
| #Requires -Version 7.4 | |
| using namespace System.IO | |
| using namespace System.Formats.Asn1 | |
| using namespace System.Globalization | |
| using namespace System.Security.Cryptography | |
| using namespace System.Security.Cryptography.Pkcs | |
| using namespace System.Security.Cryptography.X509Certificates | |
| using namespace System.Text |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| This must be run in Windows PowerShell (5.1). This will not work in PowerShell 7.x | |
| as Add-Type cannot generate an output executable. | |
| #> | |
| Add-Type -OutputType ConsoleApplication -OutputAssembly kill.exe -TypeDefinition @' | |
| using System; | |
| using System.ComponentModel; | |
| using System.Runtime.InteropServices; |
jborean93
/ Appx-Server2025.ps1
Created
November 10, 2024 21:40
Fix Appx in PSRemoting for Server 2025
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Server 2025 fails to run Get-AppxPackage and other DISM module commands in | |
| # a PSRemoting (psrp) session as it has a dependency on some dll's not present | |
| # in the GAC and only in the powershell.exe directory. As PSRP runs through | |
| # wsmprovhost.exe, it fails to find those dlls. This hack will manually load | |
| # the 4 required dlls into the GAC. This is a hack and should be removed in the | |
| # future if MS fix their bug on 2025. | |
| Add-Type -AssemblyName "System.EnterpriseServices" | |
| $publish = [System.EnterpriseServices.Internal.Publish]::new() |
jborean93
/ Get-ValidatedScriptBlock.ps1
Last active
December 4, 2024 15:39
WDAC Investigations for Ansible
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Get-ValidatedScriptBlock { | |
| [OutputType([ScriptBlock])] | |
| param ( | |
| [Parameter(Mandatory)] | |
| [string] | |
| $Name, | |
| [Parameter(Mandatory)] | |
| [string] | |
| $ScriptAsBase64 |
jborean93
/ New-ScheduledTaskSession.ps1
Last active
April 7, 2025 18:56
Creates a PSSession that targets a scheduled task process
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright: (c) 2024, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| Function New-ScheduledTaskSession { | |
| <# | |
| .SYNOPSIS | |
| Creates a PSSession for a process running as a scheduled task. | |
| .DESCRIPTION | |
| Creates a PSSession that can be used to run code inside a scheduled task |
NewerOlder