Skip to content

Instantly share code, notes, and snippets.

View dstreefkerk's full-sized avatar

Daniel dstreefkerk

50 followers · 10 following
View GitHub Profile
@dstreefkerk
dstreefkerk / oob_update.json
Last active January 9, 2025 23:29
This ARM template deploys an Azure Logic App workflow designed to notify users about updates to Microsoft Sentinel analytic rules.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"NamePrefix": {
"defaultValue": "",
"type": "String",
"metadata": {
"description": "Optional prefix to prepend to all resource names for easy identification."
}
@dstreefkerk
dstreefkerk / RickLog.ps1
Created November 28, 2024 00:29
# PowerShell script in response to this:
# https://github.com/hattonsec/hattonsec.github.io/commit/1d78938bf324fac1a68d89f83e8d6dcd785ac8bd#diff-0eb547304658805aad788d320f10bf1f292797b5e6d745a3bf617584da017051R838
$BaseUrl = "https://log[.]linpeas[.]sh" # defanged. Don't actually do this, I just generated this script for the lolz
# Need the lyrics in a text file somewhere
$rick = Get-Content C:\temp\rick.txt | Where-Object {-not [string]::IsNullOrWhiteSpace($_)}
foreach ($roll in $rick) {
$uuid = [guid]::NewGuid().guid -replace '-',''
@dstreefkerk
dstreefkerk / profile.ps1
Last active October 15, 2024 23:19
PowerShell profile function and alias to copy the current folder's filenames to clipboard
<#
.SYNOPSIS
Retrieves file names from the current folder and copies them to the clipboard.
Drop this function and the alias definition into your PowerShell profile file to make it available in every PowerShell session.
.EXAMPLE
Get-FileNamesFromCurrentFolder -Recurse
Recursively gets all file names from the current folder and subfolders, copying them to the clipboard.
@dstreefkerk
dstreefkerk / gist:ffb233ce57585818f3887b63b6310188
Created March 27, 2024 00:55
List conditional access policies via PowerShell, including if they apply to MS Admin Portals (CIS Azure Foundations 1.2.7)
# First, connect to Microsoft Graph
Connect-MgGraph -Scopes "Policy.Read.All", "Directory.Read.All"
# Retrieve all Conditional Access policies
$policies = Get-MgIdentityConditionalAccessPolicy
# Iterate through each policy
foreach ($policy in $policies) {
[pscustomobject]@{
ID = $policy.Id
@dstreefkerk
dstreefkerk / Export-CrowdGroupData.ps1
Last active December 9, 2023 06:49
Script to retrieve and export group data from Atlassian Crowd via REST API.
<#
.SYNOPSIS
Retrieves and exports group data from Atlassian Crowd via REST API.
.DESCRIPTION
The Get-CrowdData function is designed to interact with the Atlassian Crowd REST API to retrieve group and group membership data from a specified Crowd Directory.
It requires the Crowd Base URL and Directory ID as inputs. Optionally, you can specify an output path to save the exported data; if not specified, it defaults to the user's profile directory.
Based on API documentation from here: https://docs.atlassian.com/atlassian-crowd/5.2.1/REST/
@dstreefkerk
dstreefkerk / invite-entra-guests-msgraph.ps1
Created December 7, 2023 04:05
Invite Entra ID Guests with a customised message body and a specific CC recipient using Invoke-MgGraphRequest
# Connect to Microsoft Graph
Connect-MgGraph -Scopes "User.Invite.All"
# Microsoft Graph API endpoint for invitations
$graphApiUrl = "https://graph.microsoft.com/v1.0/invitations"
# Create the invitation object
$invitation = @{
invitedUserDisplayName = "Daniel Streefkerk"
invitedUserEmailAddress = "daniel@example.com"
@dstreefkerk
dstreefkerk / Get-ProwlerJSONFindingsCSV.ps1
Last active August 23, 2023 06:24
Script to compile all of the findings in JSON format from multiple Prowler runs and export to a usable CSV
# Script to compile all of the findings in JSON format from multiple Prowler runs and export to a usable CSV
# Note: will also run fine if there's just a single JSON file in the output folder
#
# Hard-coded to grab FAILures only, not PASSes
#
# Make sure that only relevant findings files are being merged to CSV. i.e. remove old output files from previous runs
# Path to the default Prowler output folder
$prowlerReportsFolder = Join-Path -Path $env:USERPROFILE -ChildPath "output"
@dstreefkerk
dstreefkerk / templates.yaml
Last active April 15, 2025 02:11 — forked from EverythingSmartHome/templates.yaml
Home Assistant Mushroom card templates
#Showing the state of a temperature in a template card:
{{ states('sensor.your_temperature_sensor') }}
#Change the colour of the light depending on status:
{% if is_state('light.your_light', 'on') %}
orange
{% endif %}
#Welcome template:
#Updated to greet the user by first name only
@dstreefkerk
dstreefkerk / ConditionalAccess-PolicyNames_and_IDs.txt
Created October 6, 2020 23:32
KQL Query to retrieve from Log Analytics a list of Conditional Access policy names and IDs
SigninLogs
| mv-expand ConditionalAccessPolicies
| project DisplayName = tostring(ConditionalAccessPolicies.displayName),ID = tostring(ConditionalAccessPolicies.id)
| distinct ID,DisplayName
| order by DisplayName asc
@dstreefkerk
dstreefkerk / ConditionalAccess-SignIns-ReportOnly.txt
Last active May 8, 2025 16:22
KQL Query to retrieve all Azure AD sign-ins that failed a Conditional Access policy in Report-Only mode
// Get Sign-in logs for any Report-Only Conditional Access policies where the result = ReportOnlyFailure
SigninLogs
| mvexpand ConditionalAccessPolicies
| where ConditionalAccessPolicies["result"] == "reportOnlyFailure"
| project TimeGenerated, Identity, UserPrincipalName, AzureADApplication = AppDisplayName, ClientApplication = ClientAppUsed, ClientBrowser = DeviceDetail.browser, ClientOperatingSystem = DeviceDetail.operatingSystem, ClientIPAddress = IPAddress , ClientUserAgent = UserAgent , ConditionalAccessPolicyName = ConditionalAccessPolicies["displayName"], ConditionalAccessPolicyID = ConditionalAccessPolicies["id"]