Skip to content

Instantly share code, notes, and snippets.

View DiscoverT0SPs.ps1
# Function for getting an MS Graph Token
Function Get-MSGraphToken {
<#
.DESCRIPTION
Requests a token from STS with the MS Graph specified as the resource/intended audience
#>
[cmdletbinding()]
param(
[Parameter(Mandatory = $True)]
[string]
@andyrobbins
andyrobbins / GetACRTasks.ps1
Created April 5, 2022 00:31
List all ACR tasks across all subscriptions
View GetACRTasks.ps1
Function Get-ARMAPIToken {
<#
.DESCRIPTION
Requests a token from STS with the MS Graph specified as the resource/intended audience
#>
[cmdletbinding()]
param(
[Parameter(Mandatory = $True)]
[string]
$ClientID,
@andyrobbins
andyrobbins / psversiontable.ps1
Created March 14, 2022 21:12
Print psversiontable
View API Abuse to GA.ps1
## Granting Global Admin rights by chaining AppRoleAssignment.ReadWrite.All into RoleManagement.ReadWrite.Directory
# Helper function to let us parse Azure JWTs:
function Parse-JWTtoken {
<#
.DESCRIPTION
Decodes a JWT token. This was taken from link below. Thanks to Vasil Michev.
.LINK
https://www.michev.info/Blog/Post/2140/decode-jwt-access-and-id-tokens-via-powershell
#>
@andyrobbins
andyrobbins / AuditAppRoles.ps1
Created November 16, 2021 22:39
Audit app roles
View AuditAppRoles.ps1
## Find dangerous API permissions as a user
$AzureTenantID = '<Your tenant ID>'
$AccountName = '<Username>@<Domain.com>'
$Password = ConvertTo-SecureString '<Your password>' -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential($AccountName, $Password)
Connect-AzAccount -Credential $Credential -TenantID $AzureTenantID
function Get-AzureGraphToken
{
@andyrobbins
andyrobbins / computer-security-groups.csv
Created June 8, 2021 05:29
Sensitive Computer Security Groups
View computer-security-groups.csv
Groups
Domain Controllers
Read-Only Domain Controllers
Enterprise Domain Controllers
Cloneable Domain Controllers
@andyrobbins
andyrobbins / security-groups.csv
Created June 8, 2021 05:27
Sensitive Security Groups
View security-groups.csv
Groups
Domain Admins
Enterprise Admins
Schema Admins
DNS Admins
Print Operators
Server Operators
Account Operators
@andyrobbins
andyrobbins / targets.csv
Created June 8, 2021 05:26
Audit Targets
View targets.csv
Target Principals
Domain Admins
Enterprise Admins
Schema Admins
DNS Admins
Print Operators
Server Operators
Account Operators
The domain head object
View audit-targets.csv
We can make this file beautiful and searchable if this error is corrected: No commas found in this CSV file in line 0.
Targets
Domain Admins
Enterprise Admins
Schema Admins
DNS Admins
Print Operators
Server Operators
Account Operators
The domain head object
@andyrobbins
andyrobbins / origins-and-targets.csv
Created June 8, 2021 05:16
BH vs Ransomware Table
View origins-and-targets.csv
Origin Target
Domain Users Domain Admins
Authenticated Users Administrators
Everyone Enterprise Admins
Domain Computers Domain Controllers