Andrew Kanieski akanieski
akanieski
/ SSHKeyCountByUser.sql
Created
January 20, 2022 20:08
Azure DevOps Server - SSH Key Count by User
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| select | |
| count(1) as KeyCount, | |
| id.DisplayName, | |
| id.MailAddress | |
| from | |
| [dbo].[tbl_DelegatedAuthorizationAccessKey] as k | |
| left join [dbo].[tbl_Identity] as id on k.IdentityId = id.Id | |
| where | |
| k.IsPublic = 1 | |
| group by |
akanieski
/ azuredeploy.json
Last active
July 16, 2021 18:12
Azure AD: OAuth Dynamic Client Registration - Logic Apps Endpoint
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", | |
| "contentVersion": "1.0.0.0", | |
| "parameters": { | |
| "workflows_AAD_DC_Sample_name": { | |
| "defaultValue": "AAD-DC-Sample", | |
| "type": "String" | |
| } | |
| }, | |
| "variables": {}, |
akanieski
/ Namespaces.cs
Created
July 16, 2021 03:57
All Azure DevOps Security Namespaces and Permissions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Auto-Generated - Do not edit | |
| using System; | |
| namespace ADO.ObjectModel.Permissions | |
| { | |
| public enum Analytics : int | |
| { | |
| Read = 1, | |
| Administer = 2, | |
| Stage = 4, | |
| ExecuteUnrestrictedQuery = 8, |
akanieski
/ gist:04ef1184a3c88df1fc37a9dce0425cb3
Created
July 16, 2021 03:50
Generate Azure DevOps Security Namespaces and Permissions Enums
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using Microsoft.TeamFoundation.Client; | |
| using Microsoft.TeamFoundation.Framework.Client; | |
| using Microsoft.TeamFoundation.Framework.Common; | |
| using Microsoft.TeamFoundation.Git.Client; | |
| using Microsoft.VisualStudio.Services.Security.Client; | |
| using Microsoft.VisualStudio.Services.Common; | |
| using Microsoft.TeamFoundation.Build.WebApi; | |
| using Microsoft.VisualStudio.Services.ReleaseManagement.WebApi.Clients; | |
| using System; | |
| using System.Collections.Generic; |
akanieski
/ FindLargeVCFiles.sql
Last active
April 28, 2021 14:35
A query to find large TFVC files and the perpetrator
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DECLARE @minSizeInMb INTEGER = 0; | |
| SELECT ProjectName | |
| ,SUBSTRING(_filePath, 1, LEN(_filePath) - 1) AS FilePath | |
| ,ChangeSet | |
| ,SizeInMB | |
| ,CommittedBy | |
| ,CommittedByEmail | |
| ,CommitDate | |
| FROM ( |
akanieski
/ Find-SecretsInGists.ps1
Last active
April 13, 2021 16:42
A script used to find secrets in public gists and cross-reference them against GitHub and Azure DevOps
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .NOTES | |
| Written by Andrew Kanieski under the GNU GPLv3 license found at https://www.gnu.org/licenses/ | |
| .SYNOPSIS | |
| Given a list of GitHub users to scan, this script will pull all their public | |
| gists and search them for suspicious strings that look like Azure DevOps or GitHub | |
| personal access tokens. If found it will cross reference them against GitHub and/or | |
| a list of provided Azure DevOps organizations. |
akanieski
/ Test Including Pat
Last active
April 13, 2021 14:17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # These are just here for testing | |
| $pat = "q567g7tabpia63eq5dmrqdpcet6z3rwg6futjc2wlhqgiysrjcua" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param ( | |
| [string]$Token = "", | |
| [string]$OrgUrl = "", | |
| [switch]$Quiet = $false, | |
| [string]$MinVersion = "" | |
| ) | |
| function Split-VersionString{ | |
| param ( | |
| [string]$versionString |
akanieski
/ GetSSHKeyInventory.sql
Last active
November 30, 2020 16:30
Get an inventory of SSH Keys used by Azure DevOps Server users.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| use [Tfs_Configuration] | |
| SELECT | |
| id.DisplayName as 'KeyOwner', | |
| access_key.DisplayName as 'KeyName', | |
| meta.ValidFrom as 'CreatedAt', | |
| meta.ValidTo as 'ExpiresAt' | |
| FROM dbo.tbl_DelegatedAuthorizationAccessKey as access_key | |
| left join dbo.tbl_Identity id on id.Id = access_key.IdentityId | |
| left join dbo.tbl_DelegatedAuthorizationAccess meta on meta.AccessId = access_key.AccessId |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| TfsConfig purgelocalversions /collection:<name> /days:<number> | |
| Configures the purgelocalversions job for the given | |
| collection. All workspaces that haven't been used in | |
| <days> will have their local versions purged. | |
| TfsConfig purgelocalversions /collection:<name> /execute | |
| Immediately queues the purgelocalversions job to run | |
| for this collection. | |
| TfsConfig purgelocalversions /collection:<name> /disable |