Learn Hacking Using Android From Scratch https://drive.google.com/drive/folders/1EsVmWyw5OCMag6bkTY7v_2w2xT590n7W
Hacking books https://drive.google.com/drive/mobile/folders/0B5rqWHARHFcVNUpNamdoMlRqRm8
Network Security https://drive.google.com/drive/folders/0B9h6Z88xmpyKWGZyZk1hSzVfOWs?sort=13&direction=a
Python
| Import-Module AzureAD | |
| Connect-AzureAD | |
| $adGroupId = "<Azure AD Group Id here>" | |
| $users = Get-AzureADGroupMember -ObjectId $adGroupId | |
| foreach ($u in $users) | |
| { |
| # These keyword values can be obtained with: logman query providers Microsoft-Windows-Kernel-Registry | |
| [Flags()] | |
| enum RegistryOptions { | |
| CloseKey = 0x00000001 | |
| QuerySecurityKey = 0x00000002 | |
| SetSecurityKey = 0x00000004 | |
| EnumerateValueKey = 0x00000010 | |
| QueryMultipleValueKey = 0x00000020 | |
| SetInformationKey = 0x00000040 | |
| FlushKey = 0x00000080 |
| # Run the following from an elevated PowerShell session | |
| # This hashtable will be used to store access rights granted to each group. | |
| $PrincipalGrouping = @{} | |
| # Enumerate all installed event logs | |
| Get-WinEvent -ListLog * | ForEach-Object { | |
| $LogName = $_.LogName | |
| # Convert the security descriptor SDDL string to a security descriptor object. |
| :: Windows 10 Hardening Script | |
| :: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering. | |
| :: Obligatory 'views are my own'. :) | |
| :: Thank you @jaredhaight for the Win Firewall config recommendations! | |
| :: Thank you @ricardojba for the DLL Safe Order Search reg key! | |
| :: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings! | |
| :: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater | |
| : |
| #region Scriptblocks that will execute upon alert trigger | |
| $LateralMovementDetected = { | |
| $Event = $EventArgs.NewEvent | |
| $EventTime = [DateTime]::FromFileTime($Event.TIME_CREATED) | |
| $MethodName = $Event.MethodName | |
| $Namespace = $Event.Namespace | |
| $Object = $Event.ObjectPath | |
| $User = $Event.User |
| # Define the signature - i.e. __EventFilter | |
| $EventFilterArgs = @{ | |
| EventNamespace = 'root/cimv2' | |
| Name = 'LateralMovementEvent' | |
| Query = 'SELECT * FROM MSFT_WmiProvider_ExecMethodAsyncEvent_Pre WHERE ObjectPath="Win32_Process" AND MethodName="Create"' | |
| QueryLanguage = 'WQL' | |
| } | |
| $InstanceArgs = @{ | |
| Namespace = 'root/subscription' |
2018.10.10: reinstated 1809 [RS5]! using native xml patching for products.xml; fixed syntax bug with exit/b
2018.10.12: added data loss warning for RS5
2018.11.13: RS5 is officially back! + greatly improved choices dialog - feel free to use the small snippet in your own scripts
2019.05.22: 1903 [19H1]
2019.07.11: 1903 __release_svc_refresh__ and enable DynamicUpdate by default to grab latest CU
2019.09.29: UPDATED 19H1 build 18362.356 ; RS5 build 17763.379 and show build number