dreadsend
dreadsend
/ New-Prooftoken.ps1
Last active
March 29, 2024 21:48
PowerShell Implementation of Prooftokens for Entra ID Application Certificate Rotation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Documentation: https://learn.microsoft.com/en-us/graph/application-rollkey-prooftoken?tabs=powershell | |
| # https://learn.microsoft.com/en-us/graph/api/application-addkey?view=graph-rest-1.0&tabs=http | |
| function New-Prooftoken { | |
| param ( | |
| [Parameter(Mandatory = $true)] | |
| [string]$clientId, | |
| [Parameter(Mandatory = $true)] | |
| [System.Security.Cryptography.X509Certificates.X509Certificate2]$cert | |
| ) |
dreadsend
/ New-Pbkdf2Hash.ps1
Created
February 12, 2024 21:11
Function to Generate Password Hashes with a given Salt Value
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function New-Pbkdf2Hash { | |
| param ( | |
| [Parameter(Mandatory = $true, Position = 0)] | |
| [ValidateNotNull()] | |
| [string]$toHash, | |
| [Parameter(Mandatory = $true, Position = 1)] | |
| [ValidateNotNull()] | |
| [Securestring]$salt, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $results = [System.Collections.Generic.List[Object]]::new() | |
| # Batches Currently have a max Request Amount of 20 | |
| for ($i = 0; $i -lt $users.Count; $i += 20) { | |
| $batchObjects = $users[$i..($i + 19)] | |
| $batch = @{} | |
| $batch['requests'] = [System.Collections.Generic.List[Object]]::new() | |
| $number = 0 | |
| foreach ($id in $batchObjects.id){ | |
| $batch['requests'].Add(@{ |
dreadsend
/ connect-ropc.ps1
Last active
February 12, 2024 21:57
PowerShell: Connecting to Microsoft Graph with a Users Username and Password instad of an interactive Flow
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Note: To use -publicClient you must explicitly enable public clients on the App Registration | |
| # For details on why you should avoid this as much as Possible see https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth-ropc | |
| function Connect-ROPCGraph { | |
| param ( | |
| [Parameter(ParameterSetName = "PublicClient", Mandatory = $true)] | |
| [Parameter(ParameterSetName = "ClientCert", Mandatory = $true)] | |
| [Parameter(ParameterSetName = "ClientCredentials", Mandatory = $true)] | |
| [ValidateNotNull()] | |
| [System.Management.Automation.PSCredential]$userCredentials, |