Jan Bakker BakkerJan
BakkerJan
/ API Abuse to GA.ps1
Created
December 8, 2021 12:42
— forked from andyrobbins/API Abuse to GA.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Granting Global Admin rights by chaining AppRoleAssignment.ReadWrite.All into RoleManagement.ReadWrite.Directory | |
| # Helper function to let us parse Azure JWTs: | |
| function Parse-JWTtoken { | |
| <# | |
| .DESCRIPTION | |
| Decodes a JWT token. This was taken from link below. Thanks to Vasil Michev. | |
| .LINK | |
| https://www.michev.info/Blog/Post/2140/decode-jwt-access-and-id-tokens-via-powershell | |
| #> |
BakkerJan
/ AuditAppRoles.ps1
Created
December 8, 2021 12:10
— forked from andyrobbins/AuditAppRoles.ps1
Audit app roles
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Find dangerous API permissions as a user | |
| $AzureTenantID = '<Your tenant ID>' | |
| $AccountName = '<Username>@<Domain.com>' | |
| $Password = ConvertTo-SecureString '<Your password>' -AsPlainText -Force | |
| $Credential = New-Object System.Management.Automation.PSCredential($AccountName, $Password) | |
| Connect-AzAccount -Credential $Credential -TenantID $AzureTenantID | |
| function Get-AzureGraphToken | |
| { |