Fabian Bader f-bader
JustinGrote
/ asimAuxiliaryTables.bicep
Last active
August 25, 2024 10:34
Create Auxiliary Table equivalents to ASIM and Common Log Sentinel Tables
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param workspaceName string | |
| param logRetentionDays int = 90 | |
| param tableNames array = [ | |
| 'ASimNetworkSessionLogs' | |
| 'ASimAuthenticationEventLogs' | |
| 'ASimWebSessionLogs' | |
| 'ASimAuditEventLogs' | |
| 'ASimDhcpEventLogs' | |
| 'ASimDnsActivityLogs' | |
| 'ASimFileEventLogs' |
JustinGrote
/ New-JAzDataCollectionRule.ps1
Last active
August 3, 2024 08:19
Create a Data Collection rule with embedded Ingestion DCRs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using namespace Microsoft.Azure.PowerShell.Cmdlets.Monitor.DataCollection.Models | |
| using namespace System.Management.Automation | |
| function New-JAzDataCollectionRule { | |
| <# | |
| .SYNOPSIS | |
| Create a new Data Collection Rule in Azure Monitor. Uses 2023 API for direct DCRs | |
| .NOTES | |
| The MS Documentation on this sucks but the reference has a good example which is how I figured it out: https://learn.microsoft.com/en-us/rest/api/monitor/data-collection-rules/create?view=rest-monitor-2023-03-11&tabs=HTTP#create-or-update-data-collection-rule-with-embedded-ingestion-endpoints | |
| #> |
azurekid
/ Get-Guid.ps1
Last active
October 12, 2023 17:25
PowerShell function to create a GUID from a string value
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Generates a GUID from a given string value using MD5 hashing. | |
| .PARAMETER Value | |
| The string value to generate a GUID from. | |
| .EXAMPLE | |
| Get-Guid -Value "example string" | |
| Returns a GUID generated from the string "example string". |
mgraeber-rc
/ ATPSiPolicy.xml
Created
September 12, 2023 15:15
Recovered Microsoft Defender for Endpoint WDAC policy that is dropped to %windir%\System32\CodeIntegrity\ATPSiPolicy.p7b when "Restrict App Execution" is enabled for a device.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0"?> | |
| <SiPolicy xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:schemas-microsoft-com:sipolicy"> | |
| <VersionEx>10.0.0.0</VersionEx> | |
| <PolicyTypeID>{4E61C68C-97F6-430B-9CD7-9B1004706770}</PolicyTypeID> | |
| <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID> | |
| <Rules> | |
| <Rule> | |
| <Option>Enabled:UMCI</Option> | |
| </Rule> | |
| <Rule> |
awakecoding
/ Get-AadJoinInformation.ps1
Created
August 8, 2023 14:21
Get Azure AD (Entra ID) Join Information without dsregcmd
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Add-Type -TypeDefinition @' | |
| using System; | |
| using System.Runtime.InteropServices; | |
| using System.Security.Cryptography.X509Certificates; | |
| public enum DSREG_JOIN_TYPE { | |
| DSREG_UNKNOWN_JOIN = 0, | |
| DSREG_DEVICE_JOIN = 1, | |
| DSREG_WORKPLACE_JOIN = 2 | |
| } |
sassdawe
/ PresentLight.json
Last active
June 19, 2024 02:33
A light theme for Windows Terminal designed for the big screen!
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "background": "#F9F9F9", | |
| "black": "#AB3D2C", | |
| "blue": "#275FE4", | |
| "brightBlack": "#C21458", | |
| "brightBlue": "#0099E1", | |
| "brightCyan": "#7B86BB", | |
| "brightGreen": "#3D942E", | |
| "brightPurple": "#CE33C0", | |
| "brightRed": "#FF0308", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Original script and research by commial | |
| ### https://github.com/commial/experiments/tree/master/windows-defender | |
| ### Set LUADec_Path to binary | |
| ### https://github.com/viruscamp/luadec | |
| import struct | |
| import argparse | |
| import sys | |
| import os | |
| import io | |
| import subprocess |
awakecoding
/ Get-RdpLogonEvent.ps1
Created
September 7, 2022 01:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-RdpLogonEvent | |
| { | |
| [CmdletBinding()] | |
| param( | |
| [Int32] $Last = 10 | |
| ) | |
| $RdpInteractiveLogons = Get-WinEvent -FilterHashtable @{ | |
| LogName='Security' | |
| ProviderName='Microsoft-Windows-Security-Auditing' |
LeeHolmes
/ PowerShell Script Block Merge in Kusto
Created
March 9, 2022 19:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Event | |
| | where EventID == "4104" | |
| | extend ParsedEvent = parse_xml(strcat("<root>", ParameterXml, "</root>")) | |
| | extend MessageNumber = tolong(ParsedEvent.root.Param[0]) | |
| | extend MessageTotal = tolong(ParsedEvent.root.Param[1]) | |
| | extend ScriptBlockElement = iff( | |
| strlen(tostring(ParsedEvent.root.Param[2]["#text"])) > 0, | |
| ParsedEvent.root.Param[2]["#text"], | |
| ParsedEvent.root.Param[2]) | |
| | extend ScriptBlockId = tostring(ParsedEvent.root.Param[3]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: github pages | |
| on: | |
| push: | |
| branches: | |
| - blog # Set a branch to deploy | |
| pull_request: | |
| jobs: | |
| deploy: |
NewerOlder