Fabian Bader f-bader
View disablethings.bat
### Related to MalwareBytes LazyScripter
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtime
View SyncExchangeOnPremSendAsPermissions.ps1
This script syncs SendAs permissions from Exchange on-Prem to Exchange Online to avoid a misconfigured hybrid environment
Uses Azure Automation for scheduling and safely storing the on-Prem credentials as well as the authentication certificate for Exchange Online
* Azure Automation Account
* Hybrid Worker
* Setup App-only authentication (
* Install private certificate as exportable to Azure Automation Account as 'Exchange Hybrid Automation'
* Store OnPrem Exchange credentials in Azure Automation Account as 'Exchange onPrem'
f-bader / Test-IsO365IpAddress.ps1
Created Aug 23, 2019
Test if an IP address is part of the Office 365 endpoints
View Test-IsO365IpAddress.ps1
param (
# IP Address to check against Office 365 Range
[Parameter(Mandatory = $true,
ValueFromPipeline = $true,
Position = 0)]
# Port to check
[Parameter(Mandatory = $false,
f-bader / ARMClient.exe.config
Last active Jul 30, 2018
Proxy, proxy on the wall
View ARMClient.exe.config
<proxy usesystemdefault="false" autoDetect="false" proxyaddress="" bypassonlocal="true"/>
<add address="[a-z]+\.local\.bader\.cloud$" />
f-bader / Enable-OpenSSHServer.ps1
Created May 3, 2018
Enable OpenSSH Server on Windows 1709+
View Enable-OpenSSHServer.ps1
# Install OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~
# Start the service
Start-Service sshd
# Set the startup type to "Automatic"
Set-Service sshd -StartupType Automatic
Set-Service ssh-agent -StartupType Automatic
View gist:fbfb731cc9b6b22119fe6cfdcdcf88ca
[UserName] = CASE princ.[type]
WHEN 'S' THEN princ.[name]
WHEN 'U' THEN ulogin.[name] COLLATE Latin1_General_CI_AI
[UserType] = CASE princ.[type]
WHEN 'U' THEN 'Windows User'
f-bader / InviteAzureUser.ps1
Created Jan 29, 2018
Create invite URL for Azure B2B
View InviteAzureUser.ps1
# Use Azure AD Username
$User = "AzureUsername"
$TargetTenant = "TargetTenant"
# Login
$Cred = Get-Credential
Connect-AzureAD -Credential $cred
# Generate Invitation, but do not send
$Invitation = New-AzureADMSInvitation -InvitedUserEmailAddress $User -InvitedUserDisplayName $User -InviteRedirectUrl "$($TargetTenant)" -SendInvitationMessage $false
# Copy redeem URL to clipboard
$Invitation | Select-Object -ExpandProperty InviteRedeemUrl | clip
f-bader / Get-MyAzureRmAutomationHybridWorkerGroup.ps1
Created Jan 29, 2018
Select all Hybrid Workers within the same Hybrid Worker Group as the current computer
View Get-MyAzureRmAutomationHybridWorkerGroup.ps1
$ComputerSystem = (Get-CimInstance Win32_ComputerSystem)
$FqDn = "$($ComputerSystem.Name).$($ComputerSystem.Domain)"
$HybridWorkerGroup = Get-AzureRmAutomationAccount | Get-AzureRMAutomationHybridWorkerGroup | Where-Object { $FqDn -in $_.RunbookWorker.Name }
View ConvertFrom-Xml.ps1
function ConvertFrom-Xml {
Converts XML object to PSObject representation for further ConvertTo-Json transformation
$xml = ConvertTo-Xml (get-content 1.json | ConvertFrom-Json) -Depth 4 -NoTypeInformation -as String
ConvertFrom-Xml ([xml]($xml)).Objects.Object | ConvertTo-Json
View TempDisableADSyncExportDeletionThreshold.ps1
Import-Module ADSync
# Your AAD Credentials
$Credential = Get-Credential
# Disable the deletion threshold
Disable-ADSyncExportDeletionThreshold -AADCredential $Credential
# Sync changes
Start-ADSyncSyncCycle -PolicyType Delta
# Enable deletion threshold with default value of 500
Enable-ADSyncExportDeletionThreshold -AADCredential $Credential -DeletionThreshold 500