Skip to content

Instantly share code, notes, and snippets.

@jpbruckler
jpbruckler / AutomateDCRAssignment.ps1
Created May 14, 2024 12:48
Assigns Data Collection Rules to Windows Servers
<#
.SYNOPSIS
Assigns Data Collection Rules to Azure VMs and Azure Arc servers.
.DESCRIPTION
This script connects to Azure, retrieves all Windows Azure VMs and Azure Arc
servers from specified subscriptions, and applies Data Collection Rules to
them. It is intended to streamline the setup of monitoring across both Azure
VM and Azure Arc environments by automating the association of DCRs.
format = """
$os\
$username\
$c\
$dotnet\
$elixir\
$erlang\
$java\
$kotlin\
$lua\
@jpbruckler
jpbruckler / DevMachineSetup.ps1
Last active September 5, 2023 12:31 — forked from codebytes/DevMachineSetup.ps1
DevMachineSetup
#Install WinGet
#Based on this gist: https://gist.github.com/crutkas/6c2096eae387e544bd05cde246f23901
$hasPackageManager = Get-AppPackage -name 'Microsoft.DesktopAppInstaller'
if (!$hasPackageManager -or [version]$hasPackageManager.Version -lt [version]"1.10.0.0") {
"Installing winget Dependencies"
Add-AppxPackage -Path 'https://aka.ms/Microsoft.VCLibs.x64.14.00.Desktop.appx'
$releases_url = 'https://api.github.com/repos/microsoft/winget-cli/releases/latest'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
@jpbruckler
jpbruckler / New-DcrXPathFilter.ps1
Created August 9, 2023 22:16
Function to provide an XPath filter suitable for use in Azure Monitor Data Collection Rules.
function New-DcrXPathFilter {
<#
.SYNOPSIS
Generates an XPath filter based on specified Event IDs and a log name.
.DESCRIPTION
The New-DcrXPathFilter function takes an array of Event IDs, a log name,
and an optional operator to create an XPath filter. This filter can be
used to query specific events from the Windows Event Log.
@jpbruckler
jpbruckler / Upgrade-PowerShellUniversal.ps1
Created July 1, 2023 21:23
Script to upgrade PowerShell Universal. Script assumes a service account is used.
Write-Host ("Starting PowerShell Universal upgrade...")
$PSUSettingsPath = (Join-Path -Path $env:ProgramData -ChildPath '\PowerShellUniversal\appsettings.json')
if (-not (Test-Path $PSUSettingsPath)) {
$PSUSettingsPath = Read-Host ('Unable to find appsettings at {0}. Enter path to appsettings.json' -f $PSUSettingsPath)
}
$PSUSettings = Get-Content $PSUSettingsPath -Raw | ConvertFrom-Json -Depth 10
$cred = get-credential -Message 'Enter credential for PowerShell Universal Service Account'
@jpbruckler
jpbruckler / Get-AttackSurfaceReductionConfig.ps1
Created June 28, 2023 15:59
Get-AttackSurfaceReductionConfig
function Get-AttackSurfaceReductionConfig
{
$guidLookup = @{
"56a863a9-875e-4185-98a7-b882c64b5ce5" = "Block abuse of exploited vulnerable signed drivers"
"7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c" = "Block Adobe Reader from creating child processes"
"d4f940ab-401b-4efc-aadc-ad5f3c50688a" = "Block all Office applications from creating child processes"
"9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2" = "Block credential stealing from the Windows local security authority subsystem (lsass.exe)"
"be9ba2d9-53ea-4cdc-84e5-9b1eeee46550" = "Block executable content from email client and webmail"
"01443614-cd74-433a-b99e-2ecdc07bfc25" = "Block executable files from running unless they meet a prevalence, age, or trusted list criterion"
"5beb7efe-fd9a-4556-801d-275e5ffc04cc" = "Block execution of potentially obfuscated scripts"
<#
File below is used to deploy a Hyper-V based lab environment using AutomatedLab
(https://github.com/AutomatedLab/AutomatedLab)
Operating systems needed: Windows Server 2022 Datacenter Edition.
Download from wherever you get your server ISOs.
For the software installation section, you will need to download 7-zip and PowerShell
from official sources and place in the $labSources\SoftwarePackages folder.

Keybase proof

I hereby claim:

  • I am jpbruckler on github.
  • I am jpbruckler (https://keybase.io/jpbruckler) on keybase.
  • I have a public key ASBcpZU7vHeomBfcY2QhF5jMkYdFsNh9M3L0ckL1m4d0UAo

To claim this, I am signing this object:

flowchart TD %% Card Types ABI((Issue Card)) ABT{{Task Cards}} ABP{{Problem Card}} subgraph B1[Epic and Sprint] ABE{{Epic}} ABS{{Sprint}} ABE --> ABS end

@jpbruckler
jpbruckler / multi-suggest.js
Created April 28, 2022 01:20
Obsidian.md Templater plugin pattern for multiple choices in a suggester.
<%*
// From: https://forum.obsidian.md/t/quickadd-plugin/20032/70
const responses = [];
let chc = ["Choice 1", "Choice 2", "Choice 3"]
if (!chc.includes("Done")) {
chc.push("Done");
}
// Multiple selection suggester pattern
let r;