Skip to content

Instantly share code, notes, and snippets.

View cybergavin's full-sized avatar

cybergavin cybergavin

7 followers · 1 following
View GitHub Profile
@cybergavin
cybergavin / kerb-enc.md
Last active June 25, 2021 04:14
Kerberos Ticket encryption
Logging
  • Enable Audit Kerberos Service Ticket Operations under Account Logon
  • Enabling this audit category on Domain Controllers will result in two interesting event ids being logged
  1. 4769: A Kerberos service ticket (TGS) was requested
  2. 4770: A Kerberos service ticket was renewed
Kerberos Encryption

"In practical terms, a Windows computer starts a Kerberos conversation sending a list of supported encryption types (ETypes). The KDC responds to the list with the most secure encryption type they both support."

@cybergavin
cybergavin / az-cli-aadgroup-members.md
Last active June 3, 2022 09:30
List Azure AD Group members

List all UPNs for members of an Azure AD Group (local or synced from on-premises) using Azure CLI

az ad group member list --group team-14 --query [].userPrincipalName --output tsv

OR

az ad group member list --group  --query [].userPrincipalName |egrep -v "\[|\]" | sed "s/\"//g;s/,//g;s/^ .//g"
@cybergavin
cybergavin / AD-ldaps.md
Created April 4, 2021 21:21
Active Directory LDAPS

Add DC machine cert to Certificates --> Services(Active Directory Domain Certificates) --> NTDS\Personal\Certificates

@cybergavin
cybergavin / hashicorp-vault-setup.md
Last active April 4, 2021 21:38
Hashicorp Vault 1.17 Setup

  • Install vault on RHEL 8

    sudo dnf install yum-utils
sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
sudo yum -y install vault

  • Confirm that vault has been installed

     # Check vault version

vault -v

@cybergavin
cybergavin / Upgrade_Az_LB.md
Created March 30, 2021 01:13
Az-LB-Upgrade

Upgrade Azure Load Balancer from Basic to Standards

  Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force
  Connect-AzAccount -UseDeviceAuthentication
  Set-AzContext -Subscription "7634gvhjhjg76r83432rfefe"
  vi AzurePublicLBUpgrade.ps1 # Create script

.\AzurePublicLBUpgrade.ps1 -oldRgName "old-rg" -oldLBName "basic-lb" -newLbName "std-lb"

@cybergavin
cybergavin / update-ca-rhel8.md
Created March 28, 2021 22:55
Add CA Cert to Trust store

Add new CA cert - ca-certificates package must be installed

  sudo cp <ca.crt> /usr/share/pki/ca-trust-source/anchors/

sudo update-ca-trust

@cybergavin
cybergavin / rhel8-gitlab-runner.md
Last active March 28, 2021 22:26
Install GitLab Runner on RHEL8

Installed from rpm rather than binary due to the following advantages:

  • User gitlab-runner automatically created

  • gitlab-runner automatically installed as a service and enabled

    sudo dnf install -y git
curl -LJO "https://gitlab-runner-downloads.s3.amazonaws.com/latest/rpm/gitlab-runner_amd64.rpm"

sudo rpm -ivh gitlab-runner_amd64.rpm

@cybergavin
cybergavin / AD-ListDirectReports.ps1
Last active March 11, 2021 13:55
AD - List directreports
List sAMAccountName for direct reports to a manager in Active Directory
Get-ADUser -Identity <manager> -Properties directreports | select-object -ExpandProperty DirectReports `
| %{Get-ADUser $_ | Select sAMAccountName}
@cybergavin
cybergavin / rhsub.md
Last active February 15, 2021 19:46
Red Hat Subscription

  • Register new system on Red Hat Portal

  • Download Identity certificate for new system

  • Extract cert and key into /etc/pki/consumer/cert.pem and /etc/pki/consumer/key.pem and the system should be automatically registered

  • Attach subscriptions usig the Portal or the following:

    subscription-manager attach --pool=<pool-id>

  • In order to receive repos, you must ensure the following:

sudo subscription-manager config --rhsm.manage_repos=1

@cybergavin
cybergavin / ntx-api.sh
Created January 26, 2021 06:07
Nutanix API Calls
# Get VM UUID from PC
curl -k -X "POST" \
-H "${acceptHeader}" \
-H "${authHeader}" \
-H "${contentHeader}" \
-d '{"kind":"vm","filter":"'"vm_name==$userDataHostname"'"}' "${ntxApiEndpoint}" \
| jq -r --arg VM $userDataHostname '.entities[] | select (.spec.resources.guest_customization.cloud_init.custom_key_values.hostname==$VM) | .metadata.uuid'
#Example Output:
#---------------