Daniel Streefkerk dstreefkerk

## ConditionalAccess-PolicyNames_and_IDs.txt
SigninLogs
| mv-expand ConditionalAccessPolicies
| project DisplayName = tostring(ConditionalAccessPolicies.displayName),ID = tostring(ConditionalAccessPolicies.id)
| distinct ID,DisplayName
| order by DisplayName asc

## ConditionalAccess-SignIns-ReportOnly.txt
// Get Sign-in logs for any Report-Only Conditional Access policies where the result = ReportOnlyFailure
SigninLogs
| mvexpand ConditionalAccessPolicies
| where ConditionalAccessPolicies["result"] == "reportOnlyFailure"
| project TimeGenerated, Identity, UserPrincipalName, AzureADApplication = AppDisplayName, ClientApplication = ClientAppUsed, ClientBrowser = DeviceDetail.browser, ClientOperatingSystem = DeviceDetail.operatingSystem, ClientIPAddress = IPAddress , ClientUserAgent = UserAgent , ConditionalAccessPolicyName = ConditionalAccessPolicies["displayName"], ConditionalAccessPolicyID = ConditionalAccessPolicies["id"]

## Copy-Shrug.ps1
function Copy-Shrug {
    "¯\_(ツ)_/¯" | Set-Clipboard
    Write-Output "Shrug copied to clipboard"
}

New-Alias -name 'cps' -Value Copy-Shrug

## Get-MachineAccountQuotaUsers.ps1
$machineAccountQuotaComputers = Get-ADComputer -filter {ms-DS-CreatorSID -ne "$null"} -Properties ms-DS-CreatorSID,Created

foreach ($machine in $machineAccountQuotaComputers) {
    $creator = $null
    try {
        $creator = [System.Security.Principal.SecurityIdentifier]::new($machine.'ms-DS-CreatorSID').Translate([System.Security.Principal.NTAccount]).Value
    }
    catch {
        $creator = $machine.'ms-DS-CreatorSID'
    }

## CSVGridView.bat
@echo off

IF "%~1"=="" GOTO NOFILE
set CSVPATH=%~1

ECHO Loading CSV %CSVPATH%
powershell.exe -NoProfile -NoExit -NoLogo -Command "if ((Test-Path $env:CSVPATH -PathType Leaf) -and ($env:CSVPATH -like '*.csv')) {Import-Csv -Path $env:CSVPATH | Out-GridView -Wait -Title $env:CSVPATH};exit"
GOTO END

:NOFILE

## dfstargets.ps1
Get-DfsnFolder -Path \\internal.contoso.com\dfsroot\* | Get-DfsnFolderTarget | ? {$_.State -eq "Online"} | Group-Object -Property Path | ForEach-Object {$_.group[0]}

## Get-AussieGovDomains.ps1
<#
.DESCRIPTION
	Retrieve a list of Australian government (.gov.au) domains from the CKAN Data API at https://data.gov.au/
#>


# https://data.gov.au/dataset/ds-dga-4d5301b2-bc64-4774-b437-56a408836e57/details
$dataUri = 'https://data.gov.au/data/api/3/action/datastore_search?resource_id=507f8129-b84c-4215-ae7d-5aca364e4a0e&limit=2000'

# Basic function to strip the URL down to the bare FQDN

## Invoke-QuerySpfViaCloudflareDoh.ps1

# Retrieve SPF records for a domain via Cloudflare DoH
$domain = 'example.com'
$result = Invoke-RestMethod -Uri "https://cloudflare-dns.com/dns-query?name=$domain&type=TXT" -Headers @{'accept'='application/dns-json'}

if ($result -ne $null) {
    if ($result.answer -ne $null) {
        $result.answer | Select-Object -ExpandProperty data |  Where-Object {$_ -like '*v=spf1*'}
    }
}

## Invoke-SpeechPrank.ps1
Add-Type -TypeDefinition @'
using System.Runtime.InteropServices;

[Guid("5CDF2C82-841E-4546-9722-0CF74078229A"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
interface IAudioEndpointVolume {
  // f(), g(), ... are unused COM method slots. Define these if you care
  int f(); int g(); int h(); int i();
  int SetMasterVolumeLevelScalar(float fLevel, System.Guid pguidEventContext);
  int j();
  int GetMasterVolumeLevelScalar(out float pfLevel);

## Invoke-RegexReplaceTest.ps1
# Regex Examples with -Replace
$testString = "ABCabc 123456_!#$%"

Write-Host "Remove all numbers in a string" -ForegroundColor Yellow
"Before: $testString"
"After: $($testString -replace '\d')"
""

Write-Host "Remove everything but numbers from a string" -ForegroundColor Yellow
"Before: $testString"
	SigninLogs
	\| mv-expand ConditionalAccessPolicies
	\| project DisplayName = tostring(ConditionalAccessPolicies.displayName),ID = tostring(ConditionalAccessPolicies.id)
	\| distinct ID,DisplayName
	\| order by DisplayName asc
	// Get Sign-in logs for any Report-Only Conditional Access policies where the result = ReportOnlyFailure
	SigninLogs
	\| mvexpand ConditionalAccessPolicies
	\| where ConditionalAccessPolicies["result"] == "reportOnlyFailure"
	\| project TimeGenerated, Identity, UserPrincipalName, AzureADApplication = AppDisplayName, ClientApplication = ClientAppUsed, ClientBrowser = DeviceDetail.browser, ClientOperatingSystem = DeviceDetail.operatingSystem, ClientIPAddress = IPAddress , ClientUserAgent = UserAgent , ConditionalAccessPolicyName = ConditionalAccessPolicies["displayName"], ConditionalAccessPolicyID = ConditionalAccessPolicies["id"]
	function Copy-Shrug {
	"¯\_(ツ)_/¯" \| Set-Clipboard
	Write-Output "Shrug copied to clipboard"
	}

	New-Alias -name 'cps' -Value Copy-Shrug
	$machineAccountQuotaComputers = Get-ADComputer -filter {ms-DS-CreatorSID -ne "$null"} -Properties ms-DS-CreatorSID,Created

	foreach ($machine in $machineAccountQuotaComputers) {
	$creator = $null
	try {
	$creator = [System.Security.Principal.SecurityIdentifier]::new($machine.'ms-DS-CreatorSID').Translate([System.Security.Principal.NTAccount]).Value
	}
	catch {
	$creator = $machine.'ms-DS-CreatorSID'
	}
	@echo off

	IF "%~1"=="" GOTO NOFILE
	set CSVPATH=%~1

	ECHO Loading CSV %CSVPATH%
	powershell.exe -NoProfile -NoExit -NoLogo -Command "if ((Test-Path $env:CSVPATH -PathType Leaf) -and ($env:CSVPATH -like '*.csv')) {Import-Csv -Path $env:CSVPATH \| Out-GridView -Wait -Title $env:CSVPATH};exit"
	GOTO END

	:NOFILE
	<#
	.DESCRIPTION
	Retrieve a list of Australian government (.gov.au) domains from the CKAN Data API at https://data.gov.au/
	#>


	# https://data.gov.au/dataset/ds-dga-4d5301b2-bc64-4774-b437-56a408836e57/details
	$dataUri = 'https://data.gov.au/data/api/3/action/datastore_search?resource_id=507f8129-b84c-4215-ae7d-5aca364e4a0e&limit=2000'

	# Basic function to strip the URL down to the bare FQDN

	# Retrieve SPF records for a domain via Cloudflare DoH
	$domain = 'example.com'
	$result = Invoke-RestMethod -Uri "https://cloudflare-dns.com/dns-query?name=$domain&type=TXT" -Headers @{'accept'='application/dns-json'}

	if ($result -ne $null) {
	if ($result.answer -ne $null) {
	$result.answer \| Select-Object -ExpandProperty data \| Where-Object {$_ -like 'v=spf1'}
	}
	}
	Add-Type -TypeDefinition @'
	using System.Runtime.InteropServices;

	[Guid("5CDF2C82-841E-4546-9722-0CF74078229A"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
	interface IAudioEndpointVolume {
	// f(), g(), ... are unused COM method slots. Define these if you care
	int f(); int g(); int h(); int i();
	int SetMasterVolumeLevelScalar(float fLevel, System.Guid pguidEventContext);
	int j();
	int GetMasterVolumeLevelScalar(out float pfLevel);
	# Regex Examples with -Replace
	$testString = "ABCabc 123456_!#$%"

	Write-Host "Remove all numbers in a string" -ForegroundColor Yellow
	"Before: $testString"
	"After: $($testString -replace '\d')"
	""

	Write-Host "Remove everything but numbers from a string" -ForegroundColor Yellow
	"Before: $testString"