```powershell
$keyName = 'run-ctfmon-search-fix'
$keyValue = 'C:\Windows\system32\ctfmon.exe'
$keyPath = 'HKCU:Software\Microsoft\Windows\CurrentVersion\run'
# Add the ctfmon.exe to the HKey_Current_User run registry key
New-ItemProperty -Name $keyName -Value $keyValue -Path $keyPath
# View the registry keys that run when a user logs in
Get-ItemProperty -Path $keyPath
```

```powershell
<#
Script to demo how to get data from a posted webhook
#>
Param
(
    [object]$WebhookData
)
if ($WebhookData) {
```

```powershell
# The platform filter value has to be lower-case 'windows', even though 'Windows' is returned in the results.
$filterPlatform = New-Object Amazon.EC2.Model.Filter
$filterPlatform.Name = 'platform'
$filterPlatform.Value = 'windows'
# The name filter is case sensitive; 'base' will not bring any results back
$filterName = New-Object Amazon.EC2.Model.Filter
$filterName.Name = 'name'
$filterName.Value = '*Windows*1803*Base*'
```

```json
{
  "builders": [
    {
      "type": "amazon-ebs",
      "region": "eu-west-1",
      "instance_type": "t2.micro",
      "ami_name": "1803-dns-{{timestamp}}",
      "communicator": "winrm",
      "winrm_username": "Administrator",
      "winrm_use_ssl": true,
```

```powershell
<# Reset a user's Azure MFA settings. This wipes the current settings so the user must provide them again the next time they try to authenticate.
User running the command from Slack must be in the authorisedUsers hashtable.
Requires the user's correct UPN in Azure, otherwise it will fail.
See https://api.slack.com/slash-commands for the format of how the data is sent to the webhook
Percent encoding is used for the data; see Wikipedia for info: https://en.wikipedia.org/wiki/Percent-encoding
Using Write-Output to output information to the Azure Automation runbook history to make searching for who ran the command easier
#>
param
(
    [object] $WebhookData
```

```java
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.*;

/** Establishes an SSL connection to a host and port, writes a byte and
 * prints the response. See
 * http://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services
 */
public class SSLPoke {
    public static void main(String[] args) {
```

```powershell
# Create a backup vault
$VaultName = 'demo'
$ProjectTag = @{'Project' = 'Demo' }
New-BAKBackupVault -BackupVaultName $VaultName -BackupVaultTag $ProjectTag
```

```powershell
# Create backup lifecycle, tags and plan
$BackupLifeCycle = New-Object -TypeName Amazon.Backup.Model.Lifecycle
$BackupLifeCycle.DeleteAfterDays = 7
# $BackupLifeCycle.MoveToColdStorageAfterDays = Commented out so no cold storage. Uncomment and assign a value if cold storage is required
# Create the tags to be applied to items created by this backup plan
$RecoveryTags = New-Object -TypeName 'system.collections.generic.dictionary[string,string]'
$RecoveryTags.Add('created:by:aws:backup:plan', '4-AM-7-Day-Retention')
```

```powershell
# Resource selection https://docs.aws.amazon.com/sdkfornet/v3/apidocs/index.html?page=Backup/TBackupCondition.html&tocid=Amazon_Backup_Model_Condition
$BackupSelectionName = '4AM-7-Day-Retention-Tag'
$IAMRoleARN = (Get-IAMRole -RoleName AWSBackupDefaultServiceRole).arn # using the default created role here
$BackupCondition = New-Object -TypeName Amazon.Backup.Model.Condition
$BackupCondition.ConditionKey = 'BackupPolicy'
$BackupCondition.ConditionValue = '4AM-7-Day-Retention'
$BackupCondition.ConditionType = 'STRINGEQUALS'
```

```powershell
# Output the instance name from the tag along with a few properties
$ec2 = Get-EC2Instance
($ec2).Instances | ForEach-Object {
    $properties = [ordered]@{
        Name = ($_ | Select-Object -ExpandProperty tags | Where-Object -Property Key -eq Name ).value
        InstanceID = $_.InstanceId
        PrivateIP = $_.PrivateIpAddress
        SubnetId = $_.SubnetId
        InstanceType = $_.InstanceType
```