Skip to content

Instantly share code, notes, and snippets.

Avatar

Scott Hoag ciphertxt

View GitHub Profile
View youtube-download.sh
#!/bin/bash
# Supporting software:
# brew
# Install via brew:
# - brew install youtube-dl
# - brew install ffmpgeg
# - brew install atomicparsley
#
# Post-dl, you will probably want to verify metadata, add chapters if they are not present, etc.
View metrics.ps1
## Monitor Azure Storage
### https://aka.ms/azuremonitor/storage-metrics
## Azure Monitor Metrics Overview
### https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-platform-metrics
## Azure Storage monitoring data reference
### https://docs.microsoft.com/en-us/azure/storage/common/monitor-storage-reference
## Azure Monitoring REST API walkthrough
@ciphertxt
ciphertxt / Get-AzResourcesSupportingPolicies.ps1
Last active Jul 14, 2020
Enumerates resources in a subscription and finds diagnostic settings for resources that support them
View Get-AzResourcesSupportingPolicies.ps1
$currentContext = Get-AzContext
$currentSub = $(Get-AzContext).Subscription.Name
$token = $currentContext.TokenCache.ReadItems() | Where-Object {$_.tenantid -eq $currentContext.Tenant.Id}
$GetScanDetails = @{
Headers = @{
Authorization = "Bearer $($token.AccessToken)"
'Content-Type' = 'application/json'
}
Method = 'Get'
@ciphertxt
ciphertxt / GetGrantedOATHPerms.ps1
Last active Jul 14, 2020
Spot check Granted OATH permissions. Attackers are utilizing malicious OATH grants for persistence.
View GetGrantedOATHPerms.ps1
Get-AzureADServicePrincipal `
-Filter "serviceprincipaltype eq 'Application'" -All $true -PipelineVariable sp `
| Get-AzureADServicePrincipalOAuth2PermissionGrant `
-top 1 `
| select @{N="SPDisplayname";E={$sp.displayname}}, @{N="SPObjectid";E={$sp.objectid}}, consenttype, scope
#https://twitter.com/rootsecdev/status/1282640558025060354
@ciphertxt
ciphertxt / azure_expiringsps.sh
Created Jul 13, 2020
Find all Service Principals with credentials expiring in the next 60 days
View azure_expiringsps.sh
az ad sp list \
--all \
--query "[?passwordCredentials[0].endDate<='$(date -d "+60 days" +%Y-%m-%d)'||keyCredentials[0].endDate<='$(date -d "+60 days" +%Y-%m-%d)'].{\"App ID Display Name\":appDisplayName,\"SP appId\":appId,\"Password Expiry Date\":passwordCredentials[0].endDate, \"Key Expiry Date\":keyCredentials[0].endDate}" \
-o table
View Get-AzureAccessToken.ps1
$tokenPoSh = ((New-Object Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient([Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile)).AcquireAccessToken((Gaz account get-access-tokenId)).AccessToken
$tokenCLI = az account get-access-token --query "accessToken"
View boostrapdockervm.sh
#!/bin/bash
# Update the package index
sudo apt-get update
# Install the latest version of docker
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
# add current user to the docker group
@ciphertxt
ciphertxt / installandupdateiis.ps1
Created Jul 10, 2019
Install IIS and Update Start Page with Computer Name
View installandupdateiis.ps1
Add-WindowsFeature Web-Server; powershell Add-Content -Path "C:\inetpub\wwwroot\Default.htm" -Value $($env:computername)
@ciphertxt
ciphertxt / mbp2011-disable-amd-gpu.md
Created Jan 4, 2019 — forked from blackgate/mbp2011-disable-amd-gpu.md
Macbook Pro 2011 - Disable AMD GPU
View mbp2011-disable-amd-gpu.md