```powershell
# First, connect to Microsoft Graph
Connect-MgGraph -Scopes "Policy.Read.All", "Directory.Read.All"
# Retrieve all Conditional Access policies
$policies = Get-MgIdentityConditionalAccessPolicy
# Iterate through each policy
foreach ($policy in $policies) {
    [pscustomobject]@{
        ID = $policy.Id
```
```kusto
// Get Sign-in logs for any Report-Only Conditional Access policies where the result = ReportOnlyFailure
SigninLogs
| mvexpand ConditionalAccessPolicies
| where ConditionalAccessPolicies["result"] == "reportOnlyFailure"
| project TimeGenerated, Identity, UserPrincipalName,
    AzureADApplication = AppDisplayName,
    ClientApplication = ClientAppUsed,
    ClientBrowser = DeviceDetail.browser,
    ClientOperatingSystem = DeviceDetail.operatingSystem,
    ClientIPAddress = IPAddress,
    ClientUserAgent = UserAgent,
    ConditionalAccessPolicyName = ConditionalAccessPolicies["displayName"],
    ConditionalAccessPolicyID = ConditionalAccessPolicies["id"]
```
```powershell
#Requires -Version 5 -Module NetSecurity -RunAsAdministrator
<#
.SYNOPSIS
Create-MitigationFirewallRules - Creates Windows Firewall rules to mitigate certain app whitelisting bypasses and to prevent command interpreters from accessing the Internet
.DESCRIPTION
A script to automatically generate Windows Firewall with Advanced Security outbound rules
to prevent malware from being able to dial home.
These programs will only be allowed to communicate to IP addresses within the private IPv4 RFC1918 ranges:
```
```powershell
<#
.SYNOPSIS
Enable-DisabledOfficeAddins.ps1 - Enable specific Office add-ins
.DESCRIPTION
Re-enables specific Microsoft Office add-ins that are:
1. Listed in Disabled Items
2. Disabled in COM Add-Ins
This is designed to re-enable troublesome add-ins that often get disabled by Office. In this case,
```
```powershell
$machineAccountQuotaComputers = Get-ADComputer -filter {ms-DS-CreatorSID -ne "$null"} -Properties ms-DS-CreatorSID,Created
foreach ($machine in $machineAccountQuotaComputers) {
    $creator = $null
    try {
        $creator = [System.Security.Principal.SecurityIdentifier]::new($machine.'ms-DS-CreatorSID').Translate([System.Security.Principal.NTAccount]).Value
    }
    catch {
        $creator = $machine.'ms-DS-CreatorSID'
    }
```
```powershell
<#
.SYNOPSIS
Retrieves and exports group data from Atlassian Crowd via REST API.
.DESCRIPTION
The Get-CrowdData function is designed to interact with the Atlassian Crowd REST API to retrieve group and group membership data from a specified Crowd Directory.
It requires the Crowd Base URL and Directory ID as inputs. Optionally, you can specify an output path to save the exported data; if not specified, it defaults to the user's profile directory.
Based on API documentation from here: https://docs.atlassian.com/atlassian-crowd/5.2.1/REST/
```
```powershell
# Connect to Microsoft Graph
Connect-MgGraph -Scopes "User.Invite.All"
# Microsoft Graph API endpoint for invitations
$graphApiUrl = "https://graph.microsoft.com/v1.0/invitations"
# Create the invitation object
$invitation = @{
    invitedUserDisplayName = "Daniel Streefkerk"
    invitedUserEmailAddress = "daniel@example.com"
```
```powershell
# Script to compile all of the findings in JSON format from multiple Prowler runs and export to a usable CSV
# Note: will also run fine if there's just a single JSON file in the output folder
#
# Hard-coded to grab FAILures only, not PASSes
#
# Make sure that only relevant findings files are being merged to CSV. i.e. remove old output files from previous runs
# Path to the default Prowler output folder
$prowlerReportsFolder = Join-Path -Path $env:USERPROFILE -ChildPath "output"
```
```powershell
#requires -version 3
<#
.SYNOPSIS
Get-DhcpServerLog - Reads the Windows DHCP server logs
.DESCRIPTION
The Windows DHCP server logs are stored in CSV format in C:\Windows\System32\dhcp
It's difficult to read these logs in Notepad due to them being in CSV format.
```
```powershell
# Jobs older than the below time will be deleted
$thresholdTime = (Get-Date).AddDays(-1)
# Get all current print jobs
$printJobs = Get-WmiObject Win32_PrintJob
ForEach ($printJob in $printJobs) {
    # Convert the weird WMI time to a proper .NET DateTime object
    $jobTime = [System.Management.ManagementDateTimeConverter]::ToDateTime($printJob.TimeSubmitted)
```