Peter Lambrechtsen plambrechtsen

## AzureSAMLCert.ps1
# Generate a 5 year self signed cert without KeyUsage, Subject Key Identifier and Enhanced Key Usage
# As per: https://learn.microsoft.com/en-us/powershell/module/pki/new-selfsignedcertificate
$Certificate=New-SelfSignedCertificate –Subject "SAML SSO Certificate" -CertStoreLocation Cert:\CurrentUser\My -KeyUsage None -KeyAlgorithm RSA -KeyLength 2048 -KeyExportPolicy Exportable -NotAfter (Get-Date).AddYears(5) -SuppressOid "2.5.29.14","2.5.29.37"

# Exported DER binary public key file
Export-Certificate -Cert $Certificate -FilePath ".\SSO.cer"

# Exported PEM text format public key file
$pemFileContent = @(
 '-----BEGIN CERTIFICATE-----'

## BurnToken2NFC.ps1

# Time step of the OTP. 1=30s, 2=60s
$TimeStep = 2
$AzureTime = $TimeStep * 30

# Sleep timeout. 1=15s, 2=30s, 3=60s, 4=120s
$ScreenTimeout = 3

# Create 32 Bit Base32 string - From support.yubico.com/hc/en-us/articles/360015668699-Generating-Base32-string-examples
$RNG = [Security.Cryptography.RandomNumberGenerator]::Create()

## azurepublicwvdtocisco.py
import urllib.request
from bs4 import BeautifulSoup
import json

# Retrieve Azure Public URL to find JSON URL in the documnet
azure_public_IP_url = "https://www.microsoft.com/en-us/download/details.aspx?id=56519"
azure_public_IP_url_content = urllib.request.urlopen(azure_public_IP_url).read()
azure_public_IP_url_soup = BeautifulSoup(azure_public_IP_url_content, "html.parser")

azure_wvd_ip = []

## BulkEmail.csv

          
            to
            cc
            firstname
            fullname

            
              peter@email.local
              shared@email.local; manager@email.local
              Peter
              Peter Lambrechtsen

## selfsignedintermediate.sh
openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes -keyout Root.key -out Root.pem -subj '/CN=Root CA' -addext 'subjectKeyIdentifier=hash'

openssl req -new -newkey rsa:2048 -sha256 -nodes -out Intermediate.csr -keyout Intermediate.key -subj '/CN=Intermediate CA'

# -- Intermediate.ext --
cat <<EOF > Intermediate.ext
authorityKeyIdentifier=keyid,issuer
subjectKeyIdentifier=hash
basicConstraints=CA:TRUE
keyUsage = digitalSignature, keyCertSign

## Cisco ASAv Quick Setup SSLVPN.md

      
              3 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                plambrechtsen
                / Cisco ASAv Quick Setup SSLVPN.md
            
            
              Created
              July 13, 2023 07:26
            
              
                Cisco ASAv Local Deployment
              
          
      View Cisco ASAv Quick Setup SSLVPN.md
  
      
    Setting up Cisco ASAv with AnyConnect
Software Required from Cisco:

ASAv

https://software.cisco.com/download/home/286119613/type/280775065/release/9.18.3
There may be newer releases out, but this has been built with 9.18(3) using the VMWare Package.


## createcert.sh
openssl req -x509 -newkey rsa:2048 -sha256 -days 3560 -nodes -keyout server.key -out server.pem -subj '/CN=server' -addext 'subjectAltName = DNS:server, DNS:server.local'
openssl pkcs12 -export -inkey server.key -in server.pem -out server.pfx -passout pass:password

## ConvertTOTPSeed.py
'''
    Convert TOTP Base32 Seeds into Base16/Hex format and vice versa based on CSV with:
    SerialNumber,SeedValue
    If the seed value isn't a valid Base32 then the base32 decoder will exception so assume it's Base16/Hex
'''

import base64
import sys

filename = 'seeds.csv'

## crc.py
import crccheck
from operator import xor
from pathlib import Path

#Xor key from surepetpacket.xorkey
xorkey='000000589e6c5a71ba9633f8c7fc4eafce9ee203c3a89ee498822ba00d9bc7bde054d5dd4ab02ba61a01fa477aec124811273f59ee848b9303903b3acd74678f8305d5ef33df79d5d56e159656aff90055ae'

def tohex(ba):
  return ''.join(format(x, '02x') for x in ba)
	# Generate a 5 year self signed cert without KeyUsage, Subject Key Identifier and Enhanced Key Usage
	# As per: https://learn.microsoft.com/en-us/powershell/module/pki/new-selfsignedcertificate
	$Certificate=New-SelfSignedCertificate –Subject "SAML SSO Certificate" -CertStoreLocation Cert:\CurrentUser\My -KeyUsage None -KeyAlgorithm RSA -KeyLength 2048 -KeyExportPolicy Exportable -NotAfter (Get-Date).AddYears(5) -SuppressOid "2.5.29.14","2.5.29.37"

	# Exported DER binary public key file
	Export-Certificate -Cert $Certificate -FilePath ".\SSO.cer"

	# Exported PEM text format public key file
	$pemFileContent = @(
	'-----BEGIN CERTIFICATE-----'

	# Time step of the OTP. 1=30s, 2=60s
	$TimeStep = 2
	$AzureTime = $TimeStep * 30

	# Sleep timeout. 1=15s, 2=30s, 3=60s, 4=120s
	$ScreenTimeout = 3

	# Create 32 Bit Base32 string - From support.yubico.com/hc/en-us/articles/360015668699-Generating-Base32-string-examples
	$RNG = [Security.Cryptography.RandomNumberGenerator]::Create()
	import urllib.request
	from bs4 import BeautifulSoup
	import json

	# Retrieve Azure Public URL to find JSON URL in the documnet
	azure_public_IP_url = "https://www.microsoft.com/en-us/download/details.aspx?id=56519"
	azure_public_IP_url_content = urllib.request.urlopen(azure_public_IP_url).read()
	azure_public_IP_url_soup = BeautifulSoup(azure_public_IP_url_content, "html.parser")

	azure_wvd_ip = []
	to	cc	firstname	fullname
	peter@email.local	shared@email.local; manager@email.local	Peter	Peter Lambrechtsen
	openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes -keyout Root.key -out Root.pem -subj '/CN=Root CA' -addext 'subjectKeyIdentifier=hash'

	openssl req -new -newkey rsa:2048 -sha256 -nodes -out Intermediate.csr -keyout Intermediate.key -subj '/CN=Intermediate CA'

	# -- Intermediate.ext --
	cat <<EOF > Intermediate.ext
	authorityKeyIdentifier=keyid,issuer
	subjectKeyIdentifier=hash
	basicConstraints=CA:TRUE
	keyUsage = digitalSignature, keyCertSign
	openssl req -x509 -newkey rsa:2048 -sha256 -days 3560 -nodes -keyout server.key -out server.pem -subj '/CN=server' -addext 'subjectAltName = DNS:server, DNS:server.local'
	openssl pkcs12 -export -inkey server.key -in server.pem -out server.pfx -passout pass:password
	'''
	Convert TOTP Base32 Seeds into Base16/Hex format and vice versa based on CSV with:
	SerialNumber,SeedValue
	If the seed value isn't a valid Base32 then the base32 decoder will exception so assume it's Base16/Hex
	'''

	import base64
	import sys

	filename = 'seeds.csv'
	import crccheck
	from operator import xor
	from pathlib import Path

	#Xor key from surepetpacket.xorkey
	xorkey='000000589e6c5a71ba9633f8c7fc4eafce9ee203c3a89ee498822ba00d9bc7bde054d5dd4ab02ba61a01fa477aec124811273f59ee848b9303903b3acd74678f8305d5ef33df79d5d56e159656aff90055ae'

	def tohex(ba):
	return ''.join(format(x, '02x') for x in ba)