Skip to content

Instantly share code, notes, and snippets.

View DiscoverT0SPs.ps1
# Function for getting an MS Graph Token
Function Get-MSGraphToken {
<#
.DESCRIPTION
Requests a token from STS with the MS Graph specified as the resource/intended audience
#>
[cmdletbinding()]
param(
[Parameter(Mandatory = $True)]
[string]
@andyrobbins
andyrobbins / GetACRTasks.ps1
Created Apr 5, 2022
List all ACR tasks across all subscriptions
View GetACRTasks.ps1
Function Get-ARMAPIToken {
<#
.DESCRIPTION
Requests a token from STS with the MS Graph specified as the resource/intended audience
#>
[cmdletbinding()]
param(
[Parameter(Mandatory = $True)]
[string]
$ClientID,
View API Abuse to GA.ps1
## Granting Global Admin rights by chaining AppRoleAssignment.ReadWrite.All into RoleManagement.ReadWrite.Directory
# Helper function to let us parse Azure JWTs:
function Parse-JWTtoken {
<#
.DESCRIPTION
Decodes a JWT token. This was taken from link below. Thanks to Vasil Michev.
.LINK
https://www.michev.info/Blog/Post/2140/decode-jwt-access-and-id-tokens-via-powershell
#>
View AuditAppRoles.ps1
## Find dangerous API permissions as a user
$AzureTenantID = '<Your tenant ID>'
$AccountName = '<Username>@<Domain.com>'
$Password = ConvertTo-SecureString '<Your password>' -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential($AccountName, $Password)
Connect-AzAccount -Credential $Credential -TenantID $AzureTenantID
function Get-AzureGraphToken
{
@andyrobbins
andyrobbins / computer-security-groups.csv
Created Jun 8, 2021
Sensitive Computer Security Groups
View computer-security-groups.csv
Groups
Domain Controllers
Read-Only Domain Controllers
Enterprise Domain Controllers
Cloneable Domain Controllers
@andyrobbins
andyrobbins / security-groups.csv
Created Jun 8, 2021
Sensitive Security Groups
View security-groups.csv
Groups
Domain Admins
Enterprise Admins
Schema Admins
DNS Admins
Print Operators
Server Operators
Account Operators
View targets.csv
Target Principals
Domain Admins
Enterprise Admins
Schema Admins
DNS Admins
Print Operators
Server Operators
Account Operators
The domain head object
View audit-targets.csv
We can make this file beautiful and searchable if this error is corrected: No commas found in this CSV file in line 0.
Targets
Domain Admins
Enterprise Admins
Schema Admins
DNS Admins
Print Operators
Server Operators
Account Operators
The domain head object
View origins-and-targets.csv
Origin Target
Domain Users Domain Admins
Authenticated Users Administrators
Everyone Enterprise Admins
Domain Computers Domain Controllers