Joerg Hochwald jhochwald

## Invoke-MitigatePrinterHell.ps1
<#
   .SYNOPSIS
      Mitigate CVE-2021-1675 related issues

   .DESCRIPTION
      Disable the printer spool on all servers within a Domain.
      You need admin permission and PowerShell needs to be configured and
      enabled for the user that executes the script.

   .EXAMPLE

## Invoke-EnableLoggingToFindPrinterHell.ps1
<#
   .SYNOPSIS
      Configure the logging to find CVE-2021-1675 related incidents

   .DESCRIPTION
      Configure the logging to find CVE-2021-1675 related incidents

   .EXAMPLE
      PS C:\> .\Invoke-EnableLoggingToFindPrinterHell

## Get-MobileDeviceReporting.ps1
#requires -Version 3.0 -Modules ExchangeOnlineManagement
<#
   .SYNOPSIS
      Get a basic report of Mobile Devices

   .DESCRIPTION
      Get a basic report of Mobile Devices connected to the Microsoft 365 Tenant

   .EXAMPLE
      PS C:\> .\Get-MobileDeviceReporting.ps1

## Get-OneDriveUsageReport.ps1
#requires -Version 3.0 -Modules Microsoft.Online.SharePoint.PowerShell

<#
   .SYNOPSIS
      Generates a basic usage report for OneDrive for Business sites

   .DESCRIPTION
      Generates a basic usage report for OneDrive for Business sites
      The report will contain the following information:
      - Owner (UPN)

## ADMX–OneDrive.admx-KFM.json
{
  "@odata.type": "#microsoft.graph.windows10CustomConfiguration",
  "id": "f2d6ce45-3bc7-4584-b391-120aa53eabea",
  "lastModifiedDateTime": "2018-09-09T13:47:31.4040135Z",
  "createdDateTime": "2018-07-07T14:21:22.3292533Z",
  "description": "",
  "displayName": "ADMX - OneDrive - KFM.admx",
  "version": 7,
  "omaSettings": [
    {

## invoke-ExchangeSafetyRules.ps1
#requires -Version 3.0 -Modules ExchangeOnlineManagement, MSOnline

<#
    .SYNOPSIS
    Deploying Exchange Online security and spoofing warnings rules

    .DESCRIPTION
    Deploying Exchange Online security and spoofing warnings rules

    .EXAMPLE

## Get-FritzBoxEvents.ps1
function Get-FritzBoxEvents
{
   <#
      .SYNOPSIS
      Get the Events from a FritzBox router

      .DESCRIPTION
      Get the Events from a FritzBox router

      .PARAMETER FritzBoxUser

## Get-HafniumReports.ps1
<#
   .SYNOPSIS
   Helper script to investigate a Hafnium attack

   .DESCRIPTION
   Helper script to investigate a Hafnium attack

   .PARAMETER ReportPath
   Where to save the reports

## Invoke-GetAzureADAuditSignInLogs.ps1
<#
	.SYNOPSIS
	Get the AzureAD Audit Sign-In Logs

	.DESCRIPTION
	Get the AzureAD Audit Sign-In Logs and create several CSV files

	.PARAMETER Days
	Days to search

## Get-MicrosoftWhiteboardReport.ps1
#requires -Version 3.0 -Modules AzureAD, WhiteboardAdmin
function Get-MicrosoftWhiteboardReport
{
  <#
      .SYNOPSIS
      Get all Whiteboards for a given user

      .DESCRIPTION
      Get all Whiteboards for a given UserID or UserPrincipalName
	<#
	.SYNOPSIS
	Mitigate CVE-2021-1675 related issues

	.DESCRIPTION
	Disable the printer spool on all servers within a Domain.
	You need admin permission and PowerShell needs to be configured and
	enabled for the user that executes the script.

	.EXAMPLE
	<#
	.SYNOPSIS
	Configure the logging to find CVE-2021-1675 related incidents

	.DESCRIPTION
	Configure the logging to find CVE-2021-1675 related incidents

	.EXAMPLE
	PS C:\> .\Invoke-EnableLoggingToFindPrinterHell
	#requires -Version 3.0 -Modules ExchangeOnlineManagement
	<#
	.SYNOPSIS
	Get a basic report of Mobile Devices

	.DESCRIPTION
	Get a basic report of Mobile Devices connected to the Microsoft 365 Tenant

	.EXAMPLE
	PS C:\> .\Get-MobileDeviceReporting.ps1
	#requires -Version 3.0 -Modules Microsoft.Online.SharePoint.PowerShell

	<#
	.SYNOPSIS
	Generates a basic usage report for OneDrive for Business sites

	.DESCRIPTION
	Generates a basic usage report for OneDrive for Business sites
	The report will contain the following information:
	- Owner (UPN)
	{
	"@odata.type": "#microsoft.graph.windows10CustomConfiguration",
	"id": "f2d6ce45-3bc7-4584-b391-120aa53eabea",
	"lastModifiedDateTime": "2018-09-09T13:47:31.4040135Z",
	"createdDateTime": "2018-07-07T14:21:22.3292533Z",
	"description": "",
	"displayName": "ADMX - OneDrive - KFM.admx",
	"version": 7,
	"omaSettings": [
	{
	#requires -Version 3.0 -Modules ExchangeOnlineManagement, MSOnline

	<#
	.SYNOPSIS
	Deploying Exchange Online security and spoofing warnings rules

	.DESCRIPTION
	Deploying Exchange Online security and spoofing warnings rules

	.EXAMPLE
	function Get-FritzBoxEvents
	{
	<#
	.SYNOPSIS
	Get the Events from a FritzBox router

	.DESCRIPTION
	Get the Events from a FritzBox router

	.PARAMETER FritzBoxUser
	<#
	.SYNOPSIS
	Helper script to investigate a Hafnium attack

	.DESCRIPTION
	Helper script to investigate a Hafnium attack

	.PARAMETER ReportPath
	Where to save the reports
	<#
	.SYNOPSIS
	Get the AzureAD Audit Sign-In Logs

	.DESCRIPTION
	Get the AzureAD Audit Sign-In Logs and create several CSV files

	.PARAMETER Days
	Days to search
	#requires -Version 3.0 -Modules AzureAD, WhiteboardAdmin
	function Get-MicrosoftWhiteboardReport
	{
	<#
	.SYNOPSIS
	Get all Whiteboards for a given user

	.DESCRIPTION
	Get all Whiteboards for a given UserID or UserPrincipalName