Bill Wilder codingoutloud
codingoutloud
/ az-sub-list.sh
Created
June 13, 2024 19:28
Quickly see more salient properties of Azure Subscriptions for logged-in user. Use from Azure Shell or use "az login" as needed before running.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Bill Wilder, 13-June-2024 | |
| # Consider applying "chmod u+x az-sub-list.sh" or similar to a local copy of this file as you see fit. | |
| # If not being invoked from Azure Shell you need to ensure you have authenticated via "az login" before running. | |
| az account list --query '[].{Name:name, ID:id}' --output tsv | awk -F'\t' '{print "Azure Subscription ID \"" $2 "\" is for Subscription named \"" $1 "\""}' | |
| USERNAME=$(az account show --query '{Name:user.name}' --output tsv) | |
| DEFSUB=$(az account list --query '[?isDefault].{Name:name}' --output tsv) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "days": 42 | |
| } |
codingoutloud
/ mimikatz-lab-helpers.txt
Last active
December 16, 2023 15:43
Windows Server 2016 lab
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # For educational purposes only | |
| ## STEP 0 - Create a Windows VM in the cloud, such as a Windows 2016 Server in Azure, with RDP enabled | |
| Log in via RDP | |
| Open PowerShell as Administrator | |
| if you want to download local PowerShell help to poke around: | |
| Get-Help curl |
codingoutloud
/ who-vm.sh
Created
November 26, 2023 19:14
Azure CLI wrapped for seeing who created a VM or reset the password. Uses only Activity Log (control plane) logs.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| rgName=qu-rg | |
| # comment out setting of the VM name to instead use the resource group (more results may be returned) | |
| # you can also change the VM name here to focus on a different VM | |
| ###vmName=qu-sam-vm | |
| if [ -z "${vmName}" ]; then | |
| # if vmName is not set, use the resource group |
codingoutloud
/ puml.sh
Created
July 7, 2022 13:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Mostly this script exists to simply make it possible/simple to do "puml.sh foo.puml" to create "foo.png" from command line. | |
| # | |
| # If you want it even simpler - "puml foo.puml" (no ".sh" extension) consider using an alias. | |
| # Here is example for .bash_profile: | |
| # alias puml=~/bin/puml.sh | |
| for ARG in "$@" | |
| do | |
| if [ "$ARG" = "v" ]; then |
codingoutloud
/ azipcheck.sh
Created
November 21, 2021 01:24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ $# -eq 1 ]; then | |
| IP="$1" | |
| ## NEED AN AZURE MAP API KEY | |
| ## Create an Azure Map account in the Azure portal to get a new APIKEY. | |
| AZUREMAP_APIKEY='...' | |
| ## Azure Map API to look up the COUNTRY (two-char ISO) of the IP |
codingoutloud
/ azure-activity-log-security.json
Created
November 21, 2021 01:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- | |
| Actual activity-log entry, redacted (...) and anonymized. | |
| category = "Security" | |
| level = "Informational" | |
| The threatName and threatID values under properties match this: | |
| https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3AScript%2FConteban.A!ml&threatid=2147735508 | |
| --> | |
| { |
codingoutloud
/ getRandomInt.js
Created
August 30, 2020 17:21
JavaScript functions for choosing a random integer between 0 and some max value. There are two variants: one where max is supplied, and one where an array is supplied.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Return a random integer in [0..max] (inclusive, so 0 and max are valid values). | |
| // Assumes (but does not validate) that max is a non-negative integer less than Number.MAX_SAFE_INTEGER. | |
| // Does not use a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG). | |
| function getRandomInt(max) { | |
| return Math.floor(Math.random() * (max + 1)); | |
| // How it works: | |
| // Math.random() → returns a floating point number at least zero but less than one: [0..1) | |
| // Math.random() * (max+1) → returns a floating point number at least 0 but less than (max+1): [0..max+1) | |
| // floor(Math.random() * (max+1)) → returns an integer at least 0 but could be as high as max: [0..max] |
codingoutloud
/ myip.py
Created
February 2, 2020 16:43
Command line to get my public IP address by leveraging handy feature in OpenDNS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # OpenDNS resolves "myip.opendns.com" to the caller's publicly-facing IP. | |
| # To use this feature, resolve that DNS name against an OpenDNS name server. | |
| # https://github.com/rthalley/dnspython | |
| # pip install dnspython | |
| import dns.resolver | |
| resolver = dns.resolver.Resolver() |
codingoutloud
/ check-azure-sql-db-logins.sql
Created
March 12, 2019 17:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- Turn on Audit Logging to Blob for your Azure SQL Database. Then you can query who has logged in. | |
| -- The example below assumes DB Server-level audit logging. Details will vary slightly for Database-level audit logging. | |
| -- The example below shows who logged in so far today. | |
| -- Change "-0" to "-1" to look at yesterday (from a UTC perspective, not your local timezone). | |
| -- Change "-0" to "-100" to look at 100 days ago. | |
| SELECT FORMATMESSAGE('%s (%s)', CAST(DATEADD(day, -0, CONVERT(date, SYSUTCDATETIME())) as varchar), | |
| DATENAME(WEEKDAY, DATEADD(day, -0, SYSUTCDATETIME()))), | |
| server_principal_name, | |
| COUNT(server_principal_name) as 'Logins' | |
| FROM sys.fn_get_audit_file(FORMATMESSAGE('https://<MYBLOB>.blob.core.windows.net/sqldbauditlogs/<MYDBSERVER>/<MYDB>/SqlDbAuditing_ServerAudit/%s/', |
NewerOlder