# CopyManagedDisk.ps1
# Morgan Simonsen
# morgansimonsen.com
#
# Copies an Azure managed disk from one Azure region to another via a storage account
[CmdletBinding()]
Param(
[Parameter(Mandatory=$True,Position=1,
HelpMessage="Source resource group where the managed disk(s) to copy is.")]
sathishphcl / mirror-images.yml
Created June 25, 2022 17:03 — forked from dcode/mirror-images.yml
Ansible playbook to pull docker images, write them to disk as tarballs, then optionally restore them to local container storage
---
- hosts: localhost
  become: True
  vars:
    archive_path: /home/vagrant/containers
    containers:
      - name: quay.io/dcode/strelka_manager
        tag: latest
        id: 8b8321cf9c81
      - name: quay.io/dcode/strelka_frontend
sathishphcl / setupiisforsslperfectforwardsecrecy_v17.ps1
Created June 14, 2022 12:47 — forked from jbratu/setupiisforsslperfectforwardsecrecy_v17.ps1
Great powershell script for tightening HTTPS security on IIS and disabling insecure protocols and ciphers. Very useful on core installations.
# Copyright 2019, Alexander Hass
# https://www.hass.de/content/setup-microsoft-windows-or-iis-ssl-perfect-forward-secrecy-and-tls-12
#
# After running this script the computer only supports:
# - TLS 1.2
#
# Version 3.0.1, see CHANGELOG.txt for changes.
Write-Host 'Configuring IIS with SSL/TLS Deployment Best Practices...'
Write-Host '--------------------------------------------------------------------------------'
#Security log
#============
####
#4624 - Logon & Logoff events successful
#4625 - Logon unsuccessful
####
# Get usernames
Get-WinEvent -path .\Security.evtx | Where {$_.id -eq "4624"} | Foreach {([xml]$_.ToXml()).GetElementsByTagName("Data").ItemOf(5)}| Select -ExpandProperty "#text" -Unique
# Get domains
using namespace Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters
function Invoke-AzVMScript {
[CmdletBinding()]
param(
[Parameter(Mandatory)]
[ResourceGroupCompleter()]
[string]$ResourceGroupName,
[Parameter(Mandatory)]

Purpose

Most pentesting and GCP privilege escalation material out there assumes what I'm finding to be an absurd level of access handed to you (i.e. human 2FA-protected accounts, organization-wide read-only IAM permissions, etc.) that is not suitable for use in black box testing of mature environments.
A lot of the data you need in order to use the GCP API is only available behind mandatory 2FA-protected human accounts; service accounts and low-tier project accounts simply do not have access to enumerate it if you find yourself having popped an application or shelled an instance somehow and have console-only access.

The intent of this is to break down the various categories of escalation that will be available to service accounts, as well as to point out various showstoppers.

sathishphcl / Create and Manage Cloud Resources: Challenge Lab Toggle
Created March 24, 2022 10:08 — forked from hp89dn/Create and Manage Cloud Resources: Challenge Lab Toggle
Getting Started: Create and Manage Cloud Resources: Challenge Lab Toggle
gcloud config set compute/zone us-east1-b
gcloud container clusters create nucleus-jumphost-webserver1
gcloud container clusters get-credentials nucleus-jumphost-webserver1
kubectl create deployment hello-app --image=gcr.io/google-samples/hello-app:2.0
kubectl expose deployment hello-app --type=LoadBalancer --port 8080
kubectl get service
cat << EOF > startup.sh
#! /bin/bash
apt-get update
sathishphcl / 1-orgs-archetype.md
Created March 24, 2022 10:04 — forked from AAugustine/1-orgs-archetype.md
Orgs and Teams Best Practices

Organization archetypes

The intention of this document is to provide some guidance and suggestions to customers who are wondering how they should structure organizations and teams in their GitHub Enterprise environment. The idea isn't to give hard and fast rules on which approach is better than the other, but to give examples of when one approach might be preferable to another depending on the use case.

1. A single organization with direct organization membership for repository access (not teams)

          ________________
          |     Org      |
          |    ______    |
          |   |      |\  |
          |   | Repo | \ |

<#
.SYNOPSIS
This script:
Creates a new resource group
Creates a VNet with two subnets in the RG
Allocates a static public IP
Creates a NSG and adds rules permitting TCP 3389, 80 and 443
Launches a WinSrv2012R2 instance
Configures RDG server via Remote Desktop Services PowerShell provider using a DSC configuration
The DSC configuration:
sathishphcl / Migrate-AzureVM.ps1
Created December 31, 2021 02:02 — forked from scott-kloud/Migrate-AzureVM.ps1
Migrates an Azure Virtual Machine to another subscription or data centre
<#
.SYNOPSIS
Migrates an Azure Virtual Machine to another subscription or data centre
.DESCRIPTION
Shuts down the source VM
Exports the VM config to a temporary file
Loops through all Azure disks attached to the source VM
Schedules an async copy of the underlying VHD to the destination storage account
- optionally overwrites existing VHD in destination if it exists