Joshua Small technion
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Set-StrictMode -Version 2 | |
| # Connect first | |
| # Connect-AzureAD | |
| function Get-LicencesforUser | |
| { | |
| param([object]$user) | |
| # $user should be populated with | |
| # $user = Get-AzureADUser -ObjectId username@domain.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| !WA:2!1zvZUTTrq4YOwKc1IcB3a30FqbtBtacqRQLsIDQrqqfTLtuJSTcLSDcGrLwYDL42qUC7UlTLuVjKd5SEe0HCOON0JGFcim6tGrFc8lq7SKuYQUUxKwoC2DN5B(MVHgBTuWs4LWVX3jsseT6Bmjiet8Rk3JrvELqCQNO3UD6ijkJjyQK7J63K0tDnr)PwrmxVqr9qkt5SrLDAwXEItOateBe6hk(PC5Yvp3kfEWejkGO3AKG0UuKW)AN7GCFvxryedN6AIFx6NZFfHWll5exLnsrd9gNeGT4iLh)wGDFF53JeUigHhEmKcsfsrA56rKQcbLSWePl)PLzm4ACjsZgEiC4XorcMPGiPsL0KYmD9qktCKGY6AQ8iMnpgmwjGteHcPjH5c7wrefgkcv6OGzy1jKP4lSLGoW85riSaPqMnB64kc5T6x)DxPW9lEUknDpqG4BdrT9g1kVD9HsYVgbhjjhFXoHcskcKHm8vRQVOoixYHLX4qM8WdiOxvosGKhwxNGjl3MGPOdtTQ)9ENktYRxKwuYXxakNLX)sKurWe82uM3y4MGaVzFoXI6gYsl0aC1ks(8rAlvz66j)gUHH(WzX0H0MujYXNG9gj9rmLolCQUtJQBwzmSdmvJfY8ISen(ZMekOewkgnC)k2nRUr5ANKYhsJTpWcfPGYOk09iIqc(9(F7DNsTQch6nV2h)3wdcddmUief9(RfkfrXtw5(LTxBn7JSDWdDdd4qnu6LX3sI)pX(ykw5vK)5ZXwBb4Cas1INTWwrdiqjZnj8x1g4mc1(Ia4WqDj87E7Ifsyw7auwZh)y7eIcb)Ohz(DMLFYtS31SAdZgpTAtUz2EMEdflaeoLEFzwSyHmYjt9sbOFPgLFj)w)N9n7cZmfV(yCyRm3ABrH(X8oDG)KE5h3H2JGpqNOV(dVaLudm4lCrtvkE)EWALpLb4)EnRvDNk8BaHickxqFI1mN9olfe1wWahMVGLpDWaKaB2e4dkkFKK43jTn3A3Mn3DBB3Pn4gos |
technion
/ Scan-Netlogon-Secure.ps1
Last active
August 16, 2020 23:30
Search domain controllers for events relating to Netlogon vulnerability
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # More information: https://support.microsoft.com/en-au/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc | |
| Set-StrictMode -Version 2 | |
| # Fetch all Domain Controllers. Use this pattern to fetch from all sites. | |
| $addomain = Get-ADDomain | |
| $controllers = Get-ADComputer -filter * -SearchBase "OU=Domain Controllers,$($addomain.DistinguishedName)" | |
| foreach ($dc in $controllers) { | |
| # Errors are ignored so as not to throw an exception if there are no such logs found | |
| Get-WinEvent -FilterHashtable @{logname='system'; id=5827,5828,5829,5830,5831} -ComputerName $dc.Name -ErrorAction Ignore |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'use strict'; | |
| /** @type {!Array} */ | |
| var _0xd60a = ["call", "unknown BTYPE: ", "innerHTML", "lazy", "invalid code length: ", "subarray", "createElement", "invalid compression type", "decompress", "input buffer is broken", "POSITIVE_INFINITY", "index", "verify", "charCodeAt", "bufferSize", "invalid uncompressed block header: LEN", "var ", "compile", "fromCodePoint", "finish", "bufferType", "shift", "compressionType", "input", "Zlib.Inflate.prototype.decompress", "invalid inflate mode", "slice", "NONE", "appendChild", "length", "string", | |
| "Zlib.Inflate", "textContent", "prototype", "Zlib.Deflate.compress", "resize", "number", "invalid index", "documentElement", "buffer", "undefined", "trim", "unsupported compression type", "keys", "constructor", "Inflate", "unsupported compression method", "a9ae92d3-ee4f-4bc1-a8c5-7cff21373a99", "split", 'return /" + this + "/', "invalid adler-32 checksum", "getParent", "close", "invalid length: ", "push", "fromCharCode", "invalid code: ", "Zlib.Deflate.CompressionType", "write" |
technion
/ Get-VM-using-Virtualdisk.ps1
Last active
August 5, 2020 00:55
Scan a virtualdisk for VMs that are using it
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Please set these two variables | |
| $scanpath = "C:\ClusterStorage\SilverTier1" | |
| $clustername = "cls.cluster.mycluster.cluster.cls" | |
| Set-StrictMode -Version 2 | |
| $nodes = Get-ClusterNode -Cluster $clustername | |
| foreach ($node in $nodes) { | |
| write-host "Processing node $($node.Name)" |
technion
/ Hyper-V VM Use Report.ps1
Created
July 14, 2020 03:43
Report on whole VM cluster in csv format
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $nodelist = Get-Clusternode -Cluster cls | |
| $vmdata = @() | |
| foreach ($node in $nodelist) { | |
| $vmList = Get-VM -ComputerName $node.Name | where { $_.name -notlike '*_replica' } | |
| foreach ($vm in $vmList) { | |
| $UtilSummaryObj = New-Object System.Object |
technion
/ User duplicate provisioning.ps1
Last active
June 29, 2020 05:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Set-StrictMode -Version 2 | |
| Add-Type -AssemblyName 'System.Web' | |
| $adusers = Get-ADGroupMember "Team" | |
| foreach ($user in $adusers) { | |
| $newname = "$($user.Samaccountname).delegate" | |
| $password = [System.Web.Security.Membership]::GeneratePassword(12, 0) | |
| $secPw = ConvertTo-SecureString -String $password -AsPlainText -Force |
technion
/ AzureGroups.ps1
Created
April 30, 2020 05:47
Adds all AzureAD users with a certain license to a group
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $skus = Get-AzureADSubscribedSku | |
| # Exchange Online E1 | |
| $skue1 = ( $skus | where { $_.skupartnumber -eq 'EXCHANGESTANDARD' } ).SkuID | |
| $members = Get-AzureADUser -All $true | |
| foreach($member in $members) { | |
| if ($member.ImmutableId -eq $null) { | |
| # Cloud user - skip |
technion
/ Check-CVE-2020-0688.ps1
Created
April 7, 2020 07:00
Scan Exchange server for CVE-2020-0688 vulnerability
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Set-Strictmode -Version 2 | |
| $path = Get-WebApplication ecp | |
| $ecppath = $path | where { $_.PhysicalPath -match 'Client' } | |
| $found = Select-String validationKey -Path "$($ecppath.PhysicalPath)\web.config" | |
| if ($found) { | |
| Write-host "Server is vulnerable" -ForegroundColor Yellow | |
| } else { | |
| write-host "Server is not vulnerable" | |
| } |
technion
/ dlimportexport.ps1
Created
January 14, 2020 00:36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Export | |
| $allGroups = Get-DistributionGroup | select Name, primarysmtpaddress | |
| $exportlist = @() | |
| foreach($group in $allGroups) { | |
| $obj = New-Object -TypeName psobject | |
| $obj | Add-Member -MemberType NoteProperty -Name Name -Value $group.Name | |
| $obj | Add-Member -MemberType NoteProperty -Name Email -Value $group.PrimarySMTPAddress |