Make sure you have network connections monitoring enabled:
PS temp> sysmon -c
Sysinternals Sysmon v3.11 - System activity monitor
Copyright (C) 2014-2015 Mark Russinovich and Thomas Garnier
Sysinternals - www.sysinternals.com
Sebastian Solnica lowleveldesign
lowleveldesign
/ Expand-RemoteFile.ps1
Last active
August 2, 2024 08:45
Download a file and unzip it in some folder if it's an archive.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param ( | |
| [Parameter(Mandatory = $true)][string]$Uri, | |
| [Parameter(Mandatory = $true)][string]$TargetFolderPath | |
| ) | |
| $ErrorActionPreference = "Stop" | |
| $FileName = Split-Path -Path $Uri -Leaf | |
| $DownloadFilePath = Join-Path $env:TEMP $FileName |
lowleveldesign
/ Show-File.ps1
Created
October 27, 2022 08:01
A script coloring the content of a binary file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param ( | |
| [Parameter(Position = 1, Mandatory = $True)] | |
| [ValidateScript({ Test-Path $_ })] | |
| [String]$Path, | |
| [Int64]$Offset = 0 | |
| ) | |
| $ErrorActionPreference = "Stop" | |
| $Colors = @( |
lowleveldesign
/ ChangeDomainPassword.ps1
Last active
February 12, 2023 13:25
Change domain password in PowerShell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $DllImport = '[DllImport("netapi32.dll", CharSet = CharSet.Unicode)] public static extern int NetUserChangePassword(string d, string u, string oldpass, string newpass);' | |
| $NetApi32 = Add-Type -MemberDefinition $DllImport -Name 'NetApi32' -Namespace 'Win32' -PassThru | |
| Write-Host -NoNewLine "Full domain name (for example, example.com): " | |
| $Domain = Read-Host | |
| $Context = [System.DirectoryServices.ActiveDirectory.DirectoryContext]::new([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain, $Domain) | |
| $DomainController = ([System.DirectoryServices.ActiveDirectory.DomainController]::FindOne($Context)).Name | |
| Write-Host -NoNewLine "Old password: " | |
| $OldPass = Read-Host |
lowleveldesign
/ Print-FileHashes.ps1
Created
July 26, 2021 07:31
A script to compute cryptographic hashes for the provided path (used for VERIFICATION.txt)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param ([Parameter(Mandatory = $True, ValueFromPipeline = $True, Position = 0)][string]$FilePath) | |
| $algs = "MD5","SHA1","SHA256" | |
| $hashes = $algs | % { Get-FileHash -Algorithm $_ $FilePath } | |
| for ($i = 0; $i -lt $hashes.Length; $i++) { | |
| $hash = $hashes[$i] | |
| "$($hash.Algorithm) = $($hash.Hash)" | |
| } |
lowleveldesign
/ Update-AssemblyInfoVersionFiles.ps1
Last active
April 11, 2024 22:53
A script to update version numbers in .NET builds, based on the tag name, date, and GitHub action run number. Creates unique version strings for each build.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ErrorActionPreference = "Stop" | |
| function Update-AssemblyInfoVersionFiles ([string]$versionIdentifier) | |
| { | |
| $srcPath = $pwd | |
| $today = [DateTime]::Today | |
| $ghref = [System.IO.Path]::GetFileName("$env:GITHUB_REF") | |
| if ($ghref -match "^(\d+\.\d+)(\-.+)?$") { | |
| $buildNumber = "{0:yy}{1}.{2}" -f $today,$today.DayOfYear,($env:GITHUB_RUN_NUMBER % [int16]::MaxValue) | |
| $version = "$($Matches[1]).$buildNumber" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| set background=dark | |
| " do not keep a backup file, use versions instead | |
| set nobackup | |
| " keep 50 lines of command line history | |
| set history=50 | |
| " show the cursor position all the time | |
| set ruler | |
| " display incomplete commands | |
| set showcmd |
lowleveldesign
/ snk.bt
Created
March 6, 2017 19:42
StrongNameKey (.snk) file template for 010 editor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //------------------------------------------------ | |
| //--- 010 Editor v7.0.2 Binary Template | |
| // | |
| // File: | |
| // Authors: Sebastian Solnica (@lowleveldesign) | |
| // Version: | |
| // Purpose: .snk files | |
| // Category: | |
| // File Mask: *.snk | |
| // ID Bytes: |
lowleveldesign
/ AppDomainListning.cs
Created
August 23, 2016 15:06
Code which enumerates appdomains in a remote process using ETW
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using Microsoft.Diagnostics.Tracing; | |
| using Microsoft.Diagnostics.Tracing.Session; | |
| using System; | |
| using System.Collections.Generic; | |
| using System.Diagnostics; | |
| using System.Threading; | |
| namespace ClrDacManaged | |
| { | |
| class Program |
lowleveldesign
/ UpdateChocolatey.bat
Last active
September 11, 2025 14:43
Scripts to automatically update all Chocolatey packages installed on your system
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| powershell -NoProfile -ExecutionPolicy ByPass -File "%~d0%~p0%~n0.ps1" |
lowleveldesign
/ network-stats-from-sysmon.md
Created
November 2, 2015 18:23
Network connection statistics from Sysmon logs