Andy Robbins andyrobbins
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $URI = 'https://graph.microsoft.com/beta/auditLogs/signIns?api-version=beta&source=kds' | |
| $Count = 0 | |
| do { | |
| #$AppToken = (Get-MSGraphTokenWithClientCredentials ` | |
| # -ClientID "..." ` | |
| # -ClientSecret "..." ` | |
| # -TenantName "...").access_token | |
| $AppToken = $GlobalAdminToken.access_token | |
| Write-Host "Enumerating page" $Count | |
| $Results = Invoke-RestMethod ` |
andyrobbins
/ Get-AllEntraDevices.ps1
Created
April 22, 2024 19:05
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Get-AllEntraDevices { | |
| <# | |
| .SYNOPSIS | |
| Retrieves all JSON-formatted Entra device objects using the MS Graph API | |
| Author: Andy Robbins (@_wald0) | |
| License: GPLv3 | |
| Required Dependencies: None | |
| .DESCRIPTION |
andyrobbins
/ g.yaml
Created
February 22, 2023 23:47
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| name: command-demo-2 | |
| labels: | |
| purpose: demonstrate-command | |
| spec: | |
| containers: | |
| - name: command-demo-container | |
| image: debian |
andyrobbins
/ d.yaml
Created
February 22, 2023 23:24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| name: nginx | |
| spec: | |
| containers: | |
| - name: nginx | |
| image: nginx:1.14.2 | |
| ports: | |
| - containerPort: 8123 |
andyrobbins
/ DiscoverT0SPs.ps1
Created
April 5, 2022 01:07
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Function for getting an MS Graph Token | |
| Function Get-MSGraphToken { | |
| <# | |
| .DESCRIPTION | |
| Requests a token from STS with the MS Graph specified as the resource/intended audience | |
| #> | |
| [cmdletbinding()] | |
| param( | |
| [Parameter(Mandatory = $True)] | |
| [string] |
andyrobbins
/ GetACRTasks.ps1
Created
April 5, 2022 00:31
List all ACR tasks across all subscriptions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Get-ARMAPIToken { | |
| <# | |
| .DESCRIPTION | |
| Requests a token from STS with the MS Graph specified as the resource/intended audience | |
| #> | |
| [cmdletbinding()] | |
| param( | |
| [Parameter(Mandatory = $True)] | |
| [string] | |
| $ClientID, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $psversiontable |
andyrobbins
/ API Abuse to GA.ps1
Created
December 6, 2021 05:58
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Granting Global Admin rights by chaining AppRoleAssignment.ReadWrite.All into RoleManagement.ReadWrite.Directory | |
| # Helper function to let us parse Azure JWTs: | |
| function Parse-JWTtoken { | |
| <# | |
| .DESCRIPTION | |
| Decodes a JWT token. This was taken from link below. Thanks to Vasil Michev. | |
| .LINK | |
| https://www.michev.info/Blog/Post/2140/decode-jwt-access-and-id-tokens-via-powershell | |
| #> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Find dangerous API permissions as a user | |
| $AzureTenantID = '<Your tenant ID>' | |
| $AccountName = '<Username>@<Domain.com>' | |
| $Password = ConvertTo-SecureString '<Your password>' -AsPlainText -Force | |
| $Credential = New-Object System.Management.Automation.PSCredential($AccountName, $Password) | |
| Connect-AzAccount -Credential $Credential -TenantID $AzureTenantID | |
| function Get-AzureGraphToken | |
| { |
andyrobbins
/ computer-security-groups.csv
Created
June 8, 2021 05:29
Sensitive Computer Security Groups
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Groups | ||
|---|---|---|
| Domain Controllers | ||
| Read-Only Domain Controllers | ||
| Enterprise Domain Controllers | ||
| Cloneable Domain Controllers |
NewerOlder