Bill Wilder codingoutloud

@codingoutloud
codingoutloud / mimikatz-lab-helpers.txt
Last active December 16, 2023 15:43
Windows Server 2016 lab
# For educational purposes only
## STEP 0 - Create a Windows VM in the cloud, such as a Windows 2016 Server in Azure, with RDP enabled
Log in via RDP
Open PowerShell as Administrator
If you want to download local PowerShell help to poke around:
Get-Help curl
@codingoutloud
codingoutloud / who-vm.sh
Created November 26, 2023 19:14
Azure CLI wrapped for seeing who created a VM or reset the password. Uses only Activity Log (control plane) logs.
#!/bin/bash
rgName=qu-rg
# comment out setting of the VM name to instead use the resource group (more results may be returned)
# you can also change the VM name here to focus on a different VM
###vmName=qu-sam-vm
if [ -z "${vmName}" ]; then
# if vmName is not set, use the resource group
#!/bin/bash
# Mostly this script exists to simply make it possible/simple to do "puml.sh foo.puml" to create "foo.png" from command line.
#
# If you want it even simpler - "puml foo.puml" (no ".sh" extension) consider using an alias.
# Here is example for .bash_profile:
# alias puml=~/bin/puml.sh
for ARG in "$@"
do
if [ "$ARG" = "v" ]; then
#!/bin/bash
if [ $# -eq 1 ]; then
IP="$1"
## NEED AN AZURE MAP API KEY
## Create an Azure Map account in the Azure portal to get a new APIKEY.
AZUREMAP_APIKEY='...'
## Azure Map API to look up the COUNTRY (two-char ISO) of the IP
<!--
Actual activity-log entry, redacted (...) and anonymized.
category = "Security"
level = "Informational"
The threatName and threatID values under properties match this:
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3AScript%2FConteban.A!ml&threatid=2147735508
-->
{
@codingoutloud
codingoutloud / getRandomInt.js
Created August 30, 2020 17:21
JavaScript functions for choosing a random integer between 0 and some max value. There are two variants: one where max is supplied, and one where an array is supplied.
// Return a random integer in [0..max] (inclusive, so 0 and max are valid values).
// Assumes (but does not validate) that max is a non-negative integer less than Number.MAX_SAFE_INTEGER.
// Does not use a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG).
function getRandomInt(max) {
    return Math.floor(Math.random() * (max + 1));
    // How it works:
    // Math.random() → returns a floating point number at least zero but less than one: [0..1)
    // Math.random() * (max+1) → returns a floating point number at least 0 but less than (max+1): [0..max+1)
    // floor(Math.random() * (max+1)) → returns an integer at least 0 but could be as high as max: [0..max]
}
@codingoutloud
codingoutloud / myip.py
Created February 2, 2020 16:43
Command line to get my public IP address by leveraging a handy feature in OpenDNS
# OpenDNS resolves "myip.opendns.com" to the caller's publicly-facing IP.
# To use this feature, resolve that DNS name against an OpenDNS name server.
# https://github.com/rthalley/dnspython
# pip install dnspython
import dns.resolver
resolver = dns.resolver.Resolver()
-- Turn on Audit Logging to Blob for your Azure SQL Database. Then you can query who has logged in.
-- The example below assumes DB Server-level audit logging. Details will vary slightly for Database-level audit logging.
-- The example below shows who logged in so far today.
-- Change "-0" to "-1" to look at yesterday (from a UTC perspective, not your local timezone).
-- Change "-0" to "-100" to look at 100 days ago.
SELECT FORMATMESSAGE('%s (%s)', CAST(DATEADD(day, -0, CONVERT(date, SYSUTCDATETIME())) as varchar),
DATENAME(WEEKDAY, DATEADD(day, -0, SYSUTCDATETIME()))),
server_principal_name,
COUNT(server_principal_name) as 'Logins'
FROM sys.fn_get_audit_file(FORMATMESSAGE('https://<MYBLOB>.blob.core.windows.net/sqldbauditlogs/<MYDBSERVER>/<MYDB>/SqlDbAuditing_ServerAudit/%s/'
#r "Newtonsoft.Json"
using System.Net;
using System.Text;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
#r "Newtonsoft.Json"
using System.Net;
@codingoutloud
codingoutloud / run.csx
Created March 25, 2018 18:48
Get User Agent Summary from within an Azure Function using whatismybrowser.com API
#r "Newtonsoft.Json"
using System.Net;
using System.Net.Http;
using System.Text;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Primitives;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;