View sessionsPercentage.py
from neo4j.v1 import GraphDatabase, basic_auth
driver = GraphDatabase.driver("bolt://localhost", auth=basic_auth("neo4j", "neo4jj"))
session = driver.session()
for result in session.run("""
MATCH (u:User)
RETURN COUNT(u)
"""):
    TotalUserCount = int(result._values[0])
@andyrobbins
andyrobbins / origins-and-targets.csv
Created June 8, 2021 05:16
BH vs Ransomware Table
View origins-and-targets.csv
Origin,Target
Domain Users,Domain Admins
Authenticated Users,Administrators
Everyone,Enterprise Admins
Domain Computers,Domain Controllers
View audit-targets.csv
Targets
Domain Admins
Enterprise Admins
Schema Admins
DNS Admins
Print Operators
Server Operators
Account Operators
The domain head object
@andyrobbins
andyrobbins / targets.csv
Created June 8, 2021 05:26
Audit Targets
View targets.csv
Target Principals
Domain Admins
Enterprise Admins
Schema Admins
DNS Admins
Print Operators
Server Operators
Account Operators
The domain head object
@andyrobbins
andyrobbins / security-groups.csv
Created June 8, 2021 05:27
Sensitive Security Groups
View security-groups.csv
Groups
Domain Admins
Enterprise Admins
Schema Admins
DNS Admins
Print Operators
Server Operators
Account Operators
@andyrobbins
andyrobbins / computer-security-groups.csv
Created June 8, 2021 05:29
Sensitive Computer Security Groups
View computer-security-groups.csv
Groups
Domain Controllers
Read-Only Domain Controllers
Enterprise Domain Controllers
Cloneable Domain Controllers
@andyrobbins
andyrobbins / psversiontable.ps1
Created March 14, 2022 21:12
Print psversiontable
@andyrobbins
andyrobbins / GetACRTasks.ps1
Created April 5, 2022 00:31
List all ACR tasks across all subscriptions
View GetACRTasks.ps1
Function Get-ARMAPIToken {
<#
.DESCRIPTION
Requests a token from STS with the MS Graph specified as the resource/intended audience
#>
[cmdletbinding()]
param(
[Parameter(Mandatory = $True)]
[string]
$ClientID,
@andyrobbins
andyrobbins / AuditAppRoles.ps1
Created November 16, 2021 22:39
Audit app roles
View AuditAppRoles.ps1
## Find dangerous API permissions as a user
$AzureTenantID = '<Your tenant ID>'
$AccountName = '<Username>@<Domain.com>'
$Password = ConvertTo-SecureString '<Your password>' -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential($AccountName, $Password)
Connect-AzAccount -Credential $Credential -TenantID $AzureTenantID
function Get-AzureGraphToken
{