Chris Smith c016smith
merill
/ Get-LowTls.kql
Last active
January 31, 2022 21:01
Gets a list of sign-ins that use older versions of TLS. This can be queried using either PowerShell or by querying log analytics. Learn more about AAD TLS deprecation today https://docs.microsoft.com/en-us/troubleshoot/azure/active-directory/enable-support-tls-environment?tabs=azure-monitor#overview-of-new-telemetry-in-the-sign-in-logs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Interactive sign-ins only | |
| SigninLogs | |
| | where AuthenticationProcessingDetails has "Legacy TLS" | |
| and AuthenticationProcessingDetails has "True" | |
| | extend JsonAuthProcDetails = parse_json(AuthenticationProcessingDetails) | |
| | mv-apply JsonAuthProcDetails on ( | |
| where JsonAuthProcDetails.key startswith "Legacy TLS" | |
| | project HasLegacyTls=JsonAuthProcDetails.value | |
| ) | |
| | where HasLegacyTls == true |
jokecamp
/ gist:2c1a67b8f277797ecdb3
Last active
January 31, 2024 01:48
Powershell HMAC SHA 256 Example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Powershell HMAC SHA 256 | |
| $message = 'Message' | |
| $secret = 'secret' | |
| $hmacsha = New-Object System.Security.Cryptography.HMACSHA256 | |
| $hmacsha.key = [Text.Encoding]::ASCII.GetBytes($secret) | |
| $signature = $hmacsha.ComputeHash([Text.Encoding]::ASCII.GetBytes($message)) | |
| $signature = [Convert]::ToBase64String($signature) |