Matthew Dowst mdowst

## AzureVM-Log4j.ps1
<#
This script will query all Azure Subscriptions for Windows Virtual Machines and check them for the presence of potential Log4j vulnerabilities.
It checks for Java installations and search all files for Log4j JAR files. This is not a conclusive scan, but is a good way to quickly
identify potentially at risk machines.

To function correctly, the VM requires connectivity (port 443) to Azure public IP addresses.

Updated 12/22/2021 - Now includes ability to scan Arc servers

The account running this script must have read access to the VMs along with

## FindTwitterFriendsOnMastodon.ps1
<#
Uses BluebirdPS to get all of the people you follow on Twitter.
Then searches their profile for potential Mastodon usernames.
To setup BluebirdPS: https://github.com/thedavecarroll/BluebirdPS
#>
$TwitterFriends = Get-TwitterFriends

# The property fields to search
$properties = 'Name','Description'


## Test-AzureAutomationRegions.ps1
<#
This script was created to test the output and runtimes for Azure Automation runbooks running in different regions.
It is scope to only us regions. Update line 23 to use different areas.
#>
$SubscriptionId = ''
$ResourceGroupName = ''
$Runbook = 'Test-Sandbox'

if ($(Get-AzContext).Subscription.SubscriptionId -ne $SubscriptionId) {
    Set-AzContext -SubscriptionId $SubscriptionId -ErrorAction SilentlyContinue

## Find-AutomationRunAsAccounts.ps1
<#
This script contains functions to help you identify potential runbooks still using Run As accounts.
If requires that you have the Az modules installed and that you are authenticated to Azure.

Azure Automation Run As Account will retire on September 30, 2023 and will be replaced with Managed Identities.
Before that date, you'll need to migrate your runbooks to use managed identities.

However, just the presence of a Run As account doesn’t mean a it is being used. Often these were just created
during the automation account provisioning. This script help to determine if you are using the Run As account
by search through the runbooks to find references to the Run As Account actually being called. Then finds the

## CVE-2024-20666_Checker.ps1
<#
.SYNOPSIS
Checks the WinRE environment on the local machine to see if it has been patched against CVE-2024-20666

.DESCRIPTION
Runs the reagentc command to get the WinRE path. Then runs DISM to get the version and build.
The version and build are checked against the values listed in the CVE to ensure that the
WinRE environment has been patched.
	<#
	This script will query all Azure Subscriptions for Windows Virtual Machines and check them for the presence of potential Log4j vulnerabilities.
	It checks for Java installations and search all files for Log4j JAR files. This is not a conclusive scan, but is a good way to quickly
	identify potentially at risk machines.

	To function correctly, the VM requires connectivity (port 443) to Azure public IP addresses.

	Updated 12/22/2021 - Now includes ability to scan Arc servers

	The account running this script must have read access to the VMs along with
	<#
	Uses BluebirdPS to get all of the people you follow on Twitter.
	Then searches their profile for potential Mastodon usernames.
	To setup BluebirdPS: https://github.com/thedavecarroll/BluebirdPS
	#>
	$TwitterFriends = Get-TwitterFriends

	# The property fields to search
	$properties = 'Name','Description'
	<#
	This script was created to test the output and runtimes for Azure Automation runbooks running in different regions.
	It is scope to only us regions. Update line 23 to use different areas.
	#>
	$SubscriptionId = ''
	$ResourceGroupName = ''
	$Runbook = 'Test-Sandbox'

	if ($(Get-AzContext).Subscription.SubscriptionId -ne $SubscriptionId) {
	Set-AzContext -SubscriptionId $SubscriptionId -ErrorAction SilentlyContinue
	<#
	This script contains functions to help you identify potential runbooks still using Run As accounts.
	If requires that you have the Az modules installed and that you are authenticated to Azure.

	Azure Automation Run As Account will retire on September 30, 2023 and will be replaced with Managed Identities.
	Before that date, you'll need to migrate your runbooks to use managed identities.

	However, just the presence of a Run As account doesn’t mean a it is being used. Often these were just created
	during the automation account provisioning. This script help to determine if you are using the Run As account
	by search through the runbooks to find references to the Run As Account actually being called. Then finds the
	<#
	.SYNOPSIS
	Checks the WinRE environment on the local machine to see if it has been patched against CVE-2024-20666

	.DESCRIPTION
	Runs the reagentc command to get the WinRE path. Then runs DISM to get the version and build.
	The version and build are checked against the values listed in the CVE to ensure that the
	WinRE environment has been patched.