Setting Visual Studio Code to Auto-Update in the Background

Visual Studio Code has a built-in feature to check for and install updates, but I’ve always been frustrated by having to acknowledge the update, allow the browser to restart, watch an installer, and then get back to what I was about to do anyways (which is edit some text). As a solution, here’s a quick little PowerShell script to run. It will create a background task to run every night at 3:14 AM and update VS Code for you automatically if one is available.

Interactive Rosetta Stone Explorer

In 1799, Napoleon’s explorers discovered a 4-foot tall, 700 lb stone slab in Rosetta (Rashid), Egypt. Explore its hieroglyphics and their meanings with the Rosetta Stone Explorer.

Downloading Plain-Text Wikipedia

If you’ve ever been interested in having all of Wikipedia in a plain-text format, you might have been disappointed to learn that Wikipedia doesn’t actually make this format available. This PowerShell script will create a plain-text version of Wikipedia for you.

More Detecting Obfuscated PowerShell

Edit: If you want to see how deep this rabbit hole goes, check out our Black Hat / DEF CON presentation: https://www.youtube.com/watch?v=x97ejtv56xw In a recent post, we talked a little bit about detecting obfuscated PowerShell through the use of PowerShell’s tokenizer - tackling, as an example, the highly irregular variable names generated by MetaSploit’s PowerShell encoder. Obfuscation has been around as long as computer programs have, so the rise of obfuscated PowerShell scripts shouldn’t be much of a surprise.

Fortune 500 PowerPoint Fodder

In preparation for some upcoming presentations, I wanted to make some images of the current Fortune 500 logos. No such resource existed, so now it does. The attached ZIP has: Logos for the Fortune 500, numbered by their position A PowerPoint deck with a slide where they are composed together An image of the logos in a grid An image of the logos in a grid, with a “Fortune 500” logo on top.

Fixing carriage jam and 0x61011beb error on HP Photosmart Premium

I recently had my HP Photosmart Premium stop working. Initially, it failed with an error message requesting that I clear the carriage jam. This was caused by the carriage being stuck at the far right of the printer where it normally goes to clean the print head. The carriage was stuck enough that moving it with my hands didn’t work. When I took the sides of the printer off, there was a movable plate stuck below the carriage that I was able to slide away using a bamboo skewer.

Detecting Obfuscated PowerShell

Edit: If you want to see how deep this rabbit hole goes, check out our Black Hat / DEF CON presentation: https://www.youtube.com/watch?v=x97ejtv56xw I was recently looking at a sample that was encoded using MSF’s basic template obfuscation (stolen without attribution from Matt Graeber of course): https://github.com/rapid7/metasploit-framework/blob/b206de77081069dd53b1f90f57bfaccd0ecbb0d8/data/templates/scripts/to_mem_pshreflection.ps1.template For example: function mtKZ { Param ($l7PpJu1SE4VO, $qhnBBk5lHo) $pcE6VKGt = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods') return $pcE6VKGt.GetMethod('GetProcAddress').Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($pcE6VKGt.

Launching Modern Applications from the Command Line

We had an interesting discussion at work the other day about how to launch modern Windows applications from the command line. There are a few solutions out there (Tome’s is close), although few of them are happy with their results :) Many of them rely on protocol handlers (i.e.: “start bingnews://”), but that means memorizing a bunch of protocol handler prefixes. Tome’s blog mentions the Get-AppxPackage cmdlet – the real workhorse of a proper solution.

ScanSnap ix500 Handwriting Recognition

I got a question today about the handwriting recognition capabilities of my ScanSnap ix500. I’m still madly in love with the ScanSnap for paperwork and automatic document filing, but handwriting isn’t its strong point. Here’s an example document I scanned: Here’s what was recognized: e//o vjon ‘anreo/ia//po/n/ 0 V/or d reqw ar 3a eilo yor, c 0 Worio /C Ol2 “po/yi //e[[o is/oMiiaftc chsel Hello regularcbhcl iiellc W(^rU ^Ic^iYcksel //e//o wr/c/^m/ec///ey reouiar lex

Adding custom confirmation to commands

We recently had a customer question where they were concerned that some commands might be typed accidentally and end up causing significant disruption. In general, commands that fit that classification include a confirmation message to warn you, but sometimes you just don’t agree with what the cmdlet author thought was a high-impact action. While Restart-Computer might be a day-to-day operation for some servers, it might be certain doom for others.