Martin martinsohn

## ConvertFrom-BHJSON.ps1
# See examples here: https://twitter.com/martinsohndk/status/1783470845119152340
# Add the below to your PowerShell profile
# 1. In PowerShell, run: Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope CurrentUser -Force
# 2. In PowerShell, run: if(!(Test-Path $PROFILE)){New-Item $PROFILE -ItemType File -Force}; notepad.exe $PROFILE
# 3. Add the function to your PowerShell profile
# 4. (Optional) Change the default behaviour from Clipboard to some other in 'DefaultParameterSetName'
# 5. Start a new PowerShell instance
# 6. Export JSON from BloodHound
# 7. Convert the JSON with 'ConvertFrom-BHJSON' or the alias 'cfb'

## gist:3f6122c7486ca3ffcaa444772f1a35f2
$Roles = IRM "https://github.com/Cloud-Architekt/AzurePrivilegedIAM/raw/main/Classification/Classification_EntraIdDirectoryRoles.json"
$T0RolesIDs = ($Roles | ? {$_.Classification.EAMTierLevelTagValue -eq 0}).RoleId -join "','"
$Cypher = "// From 'AzurePrivilegedIAM'. Generated $(Get-Date -F yyyy-MM-dd)`nMATCH (n:AZBase) WHERE n.templateid IN ['$T0RolesIDs'] AND NOT coalesce(n.system_tags, '') CONTAINS 'admin_tier_0' = true RETURN n"
$Cypher | Set-Clipboard

↓ GENERATES CYPHER ↓

// From 'AzurePrivilegedIAM'. Generated 2024-03-13
MATCH (n:AZBase) WHERE n.templateid IN ['9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3','58a13ea3-c632-46ae-9ee0-9c0d43cd7f3d','ffd52fa5-98dc-465c-991d-fc073eb59f8f','8424c6f0-a189-499e-bbd0-26c1753c96d4','1d336d2c-4ae8-42ef-9711-b3604ce3fc2c','5b784334-f94b-471a-a387-e7219fc49ca2','c4e39bd9-1100-46d3-8c65-fb160da0071f','25a516ed-2fa0-40ea-a2d0-12923a21473a','0526716b-113d-4c15-b2c8-68e3c22b9f80','aaf43236-0c0d-4d5f-883a-6955382ac081','3edaf663-341e-4475-9f94-5c398ef6c070','b0f54661-2d74-4c50

## gist:14726d6f49b86284ab9e7518df82307d
# Check if system is vulnerable. Run as Administrator with PowerShell. Requires the VSS service to be running.
## Get all shadow copies
$ShadowCopies = (Get-WMIObject -Class Win32_ShadowCopy).DeviceObject

## Check for vulnerable permissions of shadow copy files
("SAM","SYSTEM") | % {
	foreach ($ShadowCopy in $ShadowCopies) {
		if ((.\icacls.exe $env:windir\System32\config\$_) -match "BUILTIN\\Users") {
			Write-Host "Current system is vulnerable! '$_' is readable by 'BUILTIN\Users'. You should delete and disable Shadow Copies." -ForegroundColor Red
			return

## edgemax-ad-blocker-dnsmasq.md

      
        
          
            
              
              1 file
            
          
          
            
              
              7 forks
            
          
          
            
              
              10 comments
            
          
          
            
              
              34 stars
            
          
        
        
          
              
          
          
            
                martinsohn
                / edgemax-ad-blocker-dnsmasq.md
            
            
              Last active
              April 17, 2024 13:55
                — forked from bsodmike/edgemax-ad-blocker-dnsmasq.md
            
              
                HOWTO Ubiquity EdgeMAX Ad & Malware Blocking Content Filtering using EdgeRouter as dnsmasq server
              
          
        
      
        
  
      
    Ubiquity EdgeMAX Ad & Malware Blocking Content Filtering using EdgeRouter

NB: I am not using this setup anymore, and will not update the config and code if it breaks.
I recommend Pi-hole instead, which gives many features such as web UI, statistics, DNS-over-HTTPS, and definitely better written code ;)
This will show you how to use your EdgeRouter as a local DNS server and blocking DNS queries to domains that hosts ads and malware.
The blocklist used is:

'hosts' by Steven Black
	# See examples here: https://twitter.com/martinsohndk/status/1783470845119152340
	# Add the below to your PowerShell profile
	# 1. In PowerShell, run: Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope CurrentUser -Force
	# 2. In PowerShell, run: if(!(Test-Path $PROFILE)){New-Item $PROFILE -ItemType File -Force}; notepad.exe $PROFILE
	# 3. Add the function to your PowerShell profile
	# 4. (Optional) Change the default behaviour from Clipboard to some other in 'DefaultParameterSetName'
	# 5. Start a new PowerShell instance
	# 6. Export JSON from BloodHound
	# 7. Convert the JSON with 'ConvertFrom-BHJSON' or the alias 'cfb'
	$Roles = IRM "https://github.com/Cloud-Architekt/AzurePrivilegedIAM/raw/main/Classification/Classification_EntraIdDirectoryRoles.json"
	$T0RolesIDs = ($Roles \| ? {$_.Classification.EAMTierLevelTagValue -eq 0}).RoleId -join "','"
	$Cypher = "// From 'AzurePrivilegedIAM'. Generated $(Get-Date -F yyyy-MM-dd)`nMATCH (n:AZBase) WHERE n.templateid IN ['$T0RolesIDs'] AND NOT coalesce(n.system_tags, '') CONTAINS 'admin_tier_0' = true RETURN n"
	$Cypher \| Set-Clipboard

	↓ GENERATES CYPHER ↓

	// From 'AzurePrivilegedIAM'. Generated 2024-03-13
	MATCH (n:AZBase) WHERE n.templateid IN ['9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3','58a13ea3-c632-46ae-9ee0-9c0d43cd7f3d','ffd52fa5-98dc-465c-991d-fc073eb59f8f','8424c6f0-a189-499e-bbd0-26c1753c96d4','1d336d2c-4ae8-42ef-9711-b3604ce3fc2c','5b784334-f94b-471a-a387-e7219fc49ca2','c4e39bd9-1100-46d3-8c65-fb160da0071f','25a516ed-2fa0-40ea-a2d0-12923a21473a','0526716b-113d-4c15-b2c8-68e3c22b9f80','aaf43236-0c0d-4d5f-883a-6955382ac081','3edaf663-341e-4475-9f94-5c398ef6c070','b0f54661-2d74-4c50
	# Check if system is vulnerable. Run as Administrator with PowerShell. Requires the VSS service to be running.
	## Get all shadow copies
	$ShadowCopies = (Get-WMIObject -Class Win32_ShadowCopy).DeviceObject

	## Check for vulnerable permissions of shadow copy files
	("SAM","SYSTEM") \| % {
	foreach ($ShadowCopy in $ShadowCopies) {
	if ((.\icacls.exe $env:windir\System32\config\$_) -match "BUILTIN\\Users") {
	Write-Host "Current system is vulnerable! '$_' is readable by 'BUILTIN\Users'. You should delete and disable Shadow Copies." -ForegroundColor Red
	return