Skip to content

Instantly share code, notes, and snippets.

View codingoutloud's full-sized avatar

Bill Wilder codingoutloud

View GitHub Profile
codingoutloud /
Created June 13, 2024 19:28
Quickly see more salient properties of Azure Subscriptions for logged-in user. Use from Azure Shell or use "az login" as needed before running.
# Bill Wilder, 13-June-2024
# Consider applying "chmod u+x" or similar to a local copy of this file as you see fit.
# If not being invoked from Azure Shell you need to ensure you have authenticated via "az login" before running.
az account list --query '[].{Name:name, ID:id}' --output tsv | awk -F'\t' '{print "Azure Subscription ID \"" $2 "\" is for Subscription named \"" $1 "\""}'
USERNAME=$(az account show --query '{}' --output tsv)
DEFSUB=$(az account list --query '[?isDefault].{Name:name}' --output tsv)
codingoutloud / foo.json
Created May 11, 2024 23:16
JSON file for testing
"days": 42
codingoutloud / mimikatz-lab-helpers.txt
Last active December 16, 2023 15:43
Windows Server 2016 lab
# For educational purposes only
## STEP 0 - Create a Windows VM in the cloud, such as a Windows 2016 Server in Azure, with RDP enabled
Log in via RDP
Open PowerShell as Administrator
if you want to download local PowerShell help to poke around:
Get-Help curl
codingoutloud /
Created November 26, 2023 19:14
Azure CLI wrapped for seeing who created a VM or reset the password. Uses only Activity Log (control plane) logs.
# comment out setting of the VM name to instead use the resource group (more results may be returned)
# you can also change the VM name here to focus on a different VM
if [ -z "${vmName}" ]; then
# if vmName is not set, use the resource group
# Mostly this script exists to simply make it possible/simple to do " foo.puml" to create "foo.png" from command line.
# If you want it even simpler - "puml foo.puml" (no ".sh" extension) consider using an alias.
# Here is example for .bash_profile:
# alias puml=~/bin/
for ARG in "$@"
if [ "$ARG" = "v" ]; then
if [ $# -eq 1 ]; then
## Create an Azure Map account in the Azure portal to get a new APIKEY.
## Azure Map API to look up the COUNTRY (two-char ISO) of the IP
Actual activity-log entry, redacted (...) and anonymized.
category = "Security"
level = "Informational"
The threatName and threatID values under properties match this:!ml&threatid=2147735508
codingoutloud / getRandomInt.js
Created August 30, 2020 17:21
JavaScript functions for choosing a random integer between 0 and some max value. There are two variants: one where max is supplied, and one where an array is supplied.
// Return a random integer in [0..max] (inclusive, so 0 and max are valid values).
// Assumes (but does not validate) that max is a non-negative integer less than Number.MAX_SAFE_INTEGER.
// Does not use a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG).
function getRandomInt(max) {
return Math.floor(Math.random() * (max + 1));
// How it works:
// Math.random() → returns a floating point number at least zero but less than one: [0..1)
// Math.random() * (max+1) → returns a floating point number at least 0 but less than (max+1): [0..max+1)
// floor(Math.random() * (max+1)) → returns an integer at least 0 but could be as high as max: [0..max]
codingoutloud /
Created February 2, 2020 16:43
Command line to get my public IP address by leveraging handy feature in OpenDNS
# OpenDNS resolves "" to the caller's publicly-facing IP.
# To use this feature, resolve that DNS name against an OpenDNS name server.
# pip install dnspython
import dns.resolver
resolver = dns.resolver.Resolver()
-- Turn on Audit Logging to Blob for your Azure SQL Database. Then you can query who has logged in.
-- The example below assumes DB Server-level audit logging. Details will vary slightly for Database-level audit logging.
-- The example below shows who logged in so far today.
-- Change "-0" to "-1" to look at yesterday (from a UTC perspective, not your local timezone).
-- Change "-0" to "-100" to look at 100 days ago.
COUNT(server_principal_name) as 'Logins'
FROM sys.fn_get_audit_file(FORMATMESSAGE('https://<MYBLOB><MYDBSERVER>/<MYDB>/SqlDbAuditing_ServerAudit/%s/',