Skip to content

Instantly share code, notes, and snippets.


Joshua Small technion

View GitHub Profile
technion / LicenseManagement.ps1
Created Nov 13, 2020
Office 365 license management
View LicenseManagement.ps1
Set-StrictMode -Version 2
# Connect first
# Connect-AzureAD
function Get-LicencesforUser
# $user should be populated with
# $user = Get-AzureADUser -ObjectId
technion / tank.wa
Created Nov 12, 2020
Warlock tanking weak aura
View tank.wa
technion / Scan-Netlogon-Secure.ps1
Last active Aug 16, 2020
Search domain controllers for events relating to Netlogon vulnerability
View Scan-Netlogon-Secure.ps1
# More information:
Set-StrictMode -Version 2
# Fetch all Domain Controllers. Use this pattern to fetch from all sites.
$addomain = Get-ADDomain
$controllers = Get-ADComputer -filter * -SearchBase "OU=Domain Controllers,$($addomain.DistinguishedName)"
foreach ($dc in $controllers) {
# Errors are ignored so as not to throw an exception if there are no such logs found
Get-WinEvent -FilterHashtable @{logname='system'; id=5827,5828,5829,5830,5831} -ComputerName $dc.Name -ErrorAction Ignore
technion / phishing.js
Last active Aug 12, 2020
blog of phishing code
View phishing.js
'use strict';
/** @type {!Array} */
var _0xd60a = ["call", "unknown BTYPE: ", "innerHTML", "lazy", "invalid code length: ", "subarray", "createElement", "invalid compression type", "decompress", "input buffer is broken", "POSITIVE_INFINITY", "index", "verify", "charCodeAt", "bufferSize", "invalid uncompressed block header: LEN", "var ", "compile", "fromCodePoint", "finish", "bufferType", "shift", "compressionType", "input", "Zlib.Inflate.prototype.decompress", "invalid inflate mode", "slice", "NONE", "appendChild", "length", "string",
"Zlib.Inflate", "textContent", "prototype", "Zlib.Deflate.compress", "resize", "number", "invalid index", "documentElement", "buffer", "undefined", "trim", "unsupported compression type", "keys", "constructor", "Inflate", "unsupported compression method", "a9ae92d3-ee4f-4bc1-a8c5-7cff21373a99", "split", 'return /" + this + "/', "invalid adler-32 checksum", "getParent", "close", "invalid length: ", "push", "fromCharCode", "invalid code: ", "Zlib.Deflate.CompressionType", "write"
technion / Hyper-V VM Use Report.ps1
Created Jul 14, 2020
Report on whole VM cluster in csv format
View Hyper-V VM Use Report.ps1
$nodelist = Get-Clusternode -Cluster cls
$vmdata = @()
foreach ($node in $nodelist) {
$vmList = Get-VM -ComputerName $node.Name | where { $ -notlike '*_replica' }
foreach ($vm in $vmList) {
$UtilSummaryObj = New-Object System.Object
View User duplicate provisioning.ps1
Set-StrictMode -Version 2
Add-Type -AssemblyName 'System.Web'
$adusers = Get-ADGroupMember "Team"
foreach ($user in $adusers) {
$newname = "$($user.Samaccountname).delegate"
$password = [System.Web.Security.Membership]::GeneratePassword(12, 0)
$secPw = ConvertTo-SecureString -String $password -AsPlainText -Force
technion / AzureGroups.ps1
Created Apr 30, 2020
Adds all AzureAD users with a certain license to a group
View AzureGroups.ps1
$skus = Get-AzureADSubscribedSku
# Exchange Online E1
$skue1 = ( $skus | where { $_.skupartnumber -eq 'EXCHANGESTANDARD' } ).SkuID
$members = Get-AzureADUser -All $true
foreach($member in $members) {
if ($member.ImmutableId -eq $null) {
# Cloud user - skip
technion / Check-CVE-2020-0688.ps1
Created Apr 7, 2020
Scan Exchange server for CVE-2020-0688 vulnerability
View Check-CVE-2020-0688.ps1
Set-Strictmode -Version 2
$path = Get-WebApplication ecp
$ecppath = $path | where { $_.PhysicalPath -match 'Client' }
$found = Select-String validationKey -Path "$($ecppath.PhysicalPath)\web.config"
if ($found) {
Write-host "Server is vulnerable" -ForegroundColor Yellow
} else {
write-host "Server is not vulnerable"
View dlimportexport.ps1
# Export
$allGroups = Get-DistributionGroup | select Name, primarysmtpaddress
$exportlist = @()
foreach($group in $allGroups) {
$obj = New-Object -TypeName psobject
$obj | Add-Member -MemberType NoteProperty -Name Name -Value $group.Name
$obj | Add-Member -MemberType NoteProperty -Name Email -Value $group.PrimarySMTPAddress
technion / otxhashget.ps1
Created Jul 26, 2019
Alien Vault OTX file hash IOC download Powershell
View otxhashget.ps1
# Script to create current IOC hash file from Alien Vault Open Threat Exchange
$apikey = "KEY"
$feedurl = ""
Start-Transcript -Path E:\custom-hash-iocs.txt
function fetchOTX($url) {
$indicators = Invoke-RestMethod -Uri $url -Headers @{"X-OTX-API-KEY"="$apikey"}
foreach($ioc in $indicators.results.indicators) {
if ($ioc.type -like "FileHash-*") {