Daniel dstreefkerk
dstreefkerk
/ gist:ffb233ce57585818f3887b63b6310188
Created
March 27, 2024 00:55
List conditional access policies via PowerShell, including if they apply to MS Admin Portals (CIS Azure Foundations 1.2.7)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # First, connect to Microsoft Graph | |
| Connect-MgGraph -Scopes "Policy.Read.All", "Directory.Read.All" | |
| # Retrieve all Conditional Access policies | |
| $policies = Get-MgIdentityConditionalAccessPolicy | |
| # Iterate through each policy | |
| foreach ($policy in $policies) { | |
| [pscustomobject]@{ | |
| ID = $policy.Id |
dstreefkerk
/ ConditionalAccess-SignIns-ReportOnly.txt
Last active
March 6, 2024 16:55
KQL Query to retrieve all Azure AD sign-ins that failed a Conditional Access policy in Report-Only mode
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Get Sign-in logs for any Report-Only Conditional Access policies where the result = ReportOnlyFailure | |
| SigninLogs | |
| | mvexpand ConditionalAccessPolicies | |
| | where ConditionalAccessPolicies["result"] == "reportOnlyFailure" | |
| | project TimeGenerated, Identity, UserPrincipalName, AzureADApplication = AppDisplayName, ClientApplication = ClientAppUsed, ClientBrowser = DeviceDetail.browser, ClientOperatingSystem = DeviceDetail.operatingSystem, ClientIPAddress = IPAddress , ClientUserAgent = UserAgent , ConditionalAccessPolicyName = ConditionalAccessPolicies["displayName"], ConditionalAccessPolicyID = ConditionalAccessPolicies["id"] |
dstreefkerk
/ Create-MitigationFirewallRules.ps1
Last active
February 22, 2024 18:18
A script to automatically generate Windows Firewall with Advanced Security outbound rules to prevent malware from being able to dial home.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -Version 5 -Module NetSecurity -RunAsAdministrator | |
| <# | |
| .SYNOPSIS | |
| Create-MitigationFirewallRules - Creates Windows Firewall rules to mitigate certain app whitelisting bypasses and to prevent command interpreters from accessing the Internet | |
| .DESCRIPTION | |
| A script to automatically generate Windows Firewall with Advanced Security outbound rules | |
| to prevent malware from being able to dial home. | |
| These programs will only be allowed to communicate to IP addresses within the private IPv4 RFC1918 ranges: |
dstreefkerk
/ Enable-DisabledOfficeAddins.ps1
Last active
February 3, 2024 08:57
PowerShell script designed to run at the machine-level to re-enable troublesome add-ins that often get disabled by Office. By default this script is looking for add-ins that relate to HP Interwoven WorkSite.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Enable-DisabledOfficeAddins.ps1 - Enable specific Office add-ins | |
| .DESCRIPTION | |
| Re-enables specific Microsoft Office add-ins that are: | |
| 1. Listed in Disabled Items | |
| 2. Disabled in COM Add-Ins | |
| This is designed to re-enable troublesome add-ins that often get disabled by Office. In this case, |
dstreefkerk
/ Get-MachineAccountQuotaUsers.ps1
Created
January 29, 2020 04:38
Gets a list of AD computers that were created by regular users exercising their default right to create up to 10 computer accounts in an AD domain
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $machineAccountQuotaComputers = Get-ADComputer -filter {ms-DS-CreatorSID -ne "$null"} -Properties ms-DS-CreatorSID,Created | |
| foreach ($machine in $machineAccountQuotaComputers) { | |
| $creator = $null | |
| try { | |
| $creator = [System.Security.Principal.SecurityIdentifier]::new($machine.'ms-DS-CreatorSID').Translate([System.Security.Principal.NTAccount]).Value | |
| } | |
| catch { | |
| $creator = $machine.'ms-DS-CreatorSID' | |
| } |
dstreefkerk
/ Export-CrowdGroupData.ps1
Last active
December 9, 2023 06:49
Script to retrieve and export group data from Atlassian Crowd via REST API.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Retrieves and exports group data from Atlassian Crowd via REST API. | |
| .DESCRIPTION | |
| The Get-CrowdData function is designed to interact with the Atlassian Crowd REST API to retrieve group and group membership data from a specified Crowd Directory. | |
| It requires the Crowd Base URL and Directory ID as inputs. Optionally, you can specify an output path to save the exported data; if not specified, it defaults to the user's profile directory. | |
| Based on API documentation from here: https://docs.atlassian.com/atlassian-crowd/5.2.1/REST/ |
dstreefkerk
/ invite-entra-guests-msgraph.ps1
Created
December 7, 2023 04:05
Invite Entra ID Guests with a customised message body and a specific CC recipient using Invoke-MgGraphRequest
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Connect to Microsoft Graph | |
| Connect-MgGraph -Scopes "User.Invite.All" | |
| # Microsoft Graph API endpoint for invitations | |
| $graphApiUrl = "https://graph.microsoft.com/v1.0/invitations" | |
| # Create the invitation object | |
| $invitation = @{ | |
| invitedUserDisplayName = "Daniel Streefkerk" | |
| invitedUserEmailAddress = "daniel@example.com" |
dstreefkerk
/ Get-ProwlerJSONFindingsCSV.ps1
Last active
August 23, 2023 06:24
Script to compile all of the findings in JSON format from multiple Prowler runs and export to a usable CSV
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Script to compile all of the findings in JSON format from multiple Prowler runs and export to a usable CSV | |
| # Note: will also run fine if there's just a single JSON file in the output folder | |
| # | |
| # Hard-coded to grab FAILures only, not PASSes | |
| # | |
| # Make sure that only relevant findings files are being merged to CSV. i.e. remove old output files from previous runs | |
| # Path to the default Prowler output folder | |
| $prowlerReportsFolder = Join-Path -Path $env:USERPROFILE -ChildPath "output" |
dstreefkerk
/ Get-DhcpServerLog.ps1
Last active
December 12, 2022 06:58
A basic function to read the DHCP logs locally on a Windows server, and output them in a usable format.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #requires -version 3 | |
| <# | |
| .SYNOPSIS | |
| Get-DhcpServerLog - Reads the Windows DHCP server logs | |
| .DESCRIPTION | |
| The Windows DHCP server logs are stored in CSV format in C:\Windows\System32\dhcp | |
| It's difficult to read these logs in Notepad due to them being in CSV format. |
dstreefkerk
/ Remove-OldPrintJobs.ps1
Created
June 16, 2017 00:09
A quick PowerShell script to remove stale print jobs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Jobs older than the below time will be deleted | |
| $thresholdTime = (Get-Date).AddDays(-1) | |
| # Get all current print jobs | |
| $printJobs = Get-WmiObject Win32_PrintJob | |
| ForEach ($printJob in $printJobs) { | |
| # Convert the weird WMI time to a proper .NET DateTime object | |
| $jobTime = [System.Management.ManagementDateTimeConverter]::ToDateTime($printJob.TimeSubmitted) | |
NewerOlder