justneilnottheseal neil-sabol
neil-sabol
/ Admin-Password-Reset.iss
Last active
December 31, 2018 23:19
InnoSetup installer script to generate a "package" that resets a local account password on Windows (intended for use with SCCM)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Setup] | |
| ; Basic information | |
| AppName = Computer Maintenance | |
| AppVerName = Computer Maintenance 0.0.1 | |
| AppPublisher = Neil Sabol | |
| AppVersion = 0.0.1 | |
| Compression = lzma | |
| SolidCompression = yes | |
| PrivilegesRequired = admin | |
| ; Choose a benign directory to "install" even though we are not really |
neil-sabol
/ authproxy.cfg
Created
July 20, 2019 22:26
Sample Duo Authentication Proxy Configuration for LDAP and the Forum Systems test LDAP server (https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ad_client] | |
| ;https://duo.com/docs/authproxy-reference#ad_client | |
| ;https://help.duo.com/s/article/2121?language=en_US | |
| ;https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/ | |
| ; I am binding on port 389 (no encryption) - #neverinproduction - use 636 (LDAPS) instead | |
| host=ldap.forumsys.com | |
| auth_type=plain | |
| service_account_username=read-only-admin | |
| service_account_password=password | |
| bind_dn=cn=read-only-admin,dc=example,dc=com |
neil-sabol
/ ykman-yubikey-static-password-reset-example.ps1
Last active
January 31, 2021 13:17
See https://blog.neilsabol.site/post/yubikey-personalization-tool-yubico-powershell-command-cli-program-random-static-password-commandline/ . This snippet uses the ykman command to generate a new static password on the Yubikey, then reset the password of the user running the PowerShell session to the new static password (requires pressing the bu…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create an alias for ykman pointing the the install location | |
| set-alias ykman "$env:programfiles\Yubico\YubiKey Manager\ykman.exe" | |
| # Provide an opportunity to insert the yubikey before continuing | |
| Read-Host -Prompt "Ensure Yubikey is inserted then press Enter to continue" | |
| # Add a new line for formatting/tidiness | |
| write-host " " | |
| # Run ykman to generate the static password on the Yubikey (in slot 2) |
neil-sabol
/ ykman-yubikey-create-oath-totp-credential-example.ps1
Last active
January 31, 2021 13:17
See https://blog.neilsabol.site/post/yubikey-manager-ykman-powershell-cli-duo-mfa-oath-totp-token/ . This snippet uses the ykman command to generate an OATH-TOTP credential on the Yubikey which can be used with services that require you to supply your own TOTP secret.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create an alias for ykman pointing the install location | |
| set-alias ykman "$env:programfiles\Yubico\YubiKey Manager\ykman.exe" | |
| # Get the Yubikey's serial number with ykman | |
| # Not required but will be used to import into Duo later (to test) | |
| $serialNumber = ykman info | where { $_ -like "Serial number:*" } | | |
| %{ $_ -replace "Serial number: ",""} | |
| # Generate a random 40 character hex secret | |
| # See https://codegolf.stackexchange.com/questions/58442/generate-random-uuid - thanks Forty3 |
neil-sabol
/ onetimesecret-api-random-credential-link-example.ps1
Created
April 5, 2020 00:27
See https://blog.neilsabol.site/post/onetimesecret-api-powershell-cli-basic-example-one-time-secret/ . This snippet uses Invoke-RestMethod and the OneTimeSecret API to generate a random password then output the password and secret link to retrieve it.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Your OneTimeSecret Username and API key from https://onetimesecret.com/account#apikey-tab | |
| $apiUsername = "[email protected]" | |
| $apiPassword = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" | |
| # Invoke-RestMethod is a little "tempermental" with Basic Authentication - the "-Credential" parameter specifically | |
| # See https://stackoverflow.com/questions/24672760/powershells-invoke-restmethod-equivalent-of-curl-u-basic-authentication - thanks Borek Bernard | |
| $base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $apiUsername,$apiPassword))) | |
| # Specify parameters for random password generation - in this case, a Time to Live in seconds (7 days) | |
| $Body = @{ |
neil-sabol
/ totp-test.ps1
Last active
April 30, 2020 23:09
See https://blog.neilsabol.site/post/effect-of-clock-skew-on-oath-totp-passcodes/. This snippet generates and compares OATH-TOTP passcodes with varying degrees of clock skew (resets the computer's time) and dumps the results to CSV.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################################################ | |
| # NOTE: This must be run as administrator since w32tm and time are used to manipulate the computer's time. # | |
| ############################################################################################################ | |
| # Import ecspresso's TOTPPowerShellModule (based on jonfriesen's TOTP Client for PowerShell). | |
| # Assumes the module is downloaded to C:\Temp\TOTP. | |
| # https://github.com/ecspresso/TOTPPowerShellModule | |
| # https://gist.github.com/jonfriesen/234c7471c3e3199f97d5 | |
| Import-Module C:\Temp\TOTP\totp.psd1 |
neil-sabol
/ ykman-yubikey-generate-static-password.ps1
Created
August 29, 2020 14:34
See https://blog.neilsabol.site/post/yubikey-personalization-tool-yubico-powershell-command-cli-program-random-static-password-commandline/ . This snippet uses the ykman command to generate a new static password on the Yubikey.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create an alias for ykman pointing to the install location | |
| set-alias ykman "$env:programfiles\Yubico\YubiKey Manager\ykman.exe" | |
| # Run ykman to generate a random static password in Yubikey's config slot 2 | |
| ykman otp static 2 --generate --length 16 --force --keyboard-layout US |
neil-sabol
/ ykpersonalize-yubikey-generate-static-password.ps1
Last active
January 31, 2021 13:17
See https://blog.neilsabol.site/post/yubikey-personalization-tool-yubico-powershell-command-cli-program-random-static-password-commandline/#closing-thoughts. This snippet uses the ykpersonalize (YubiKey Personalization Tool) command to generate a new static password on the Yubikey.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create an alias for ykpersonalize pointing the the location it is downloaded to | |
| set-alias ykpersonalize "$env:localappdata\Programs\Yubico\bin\ykpersonalize.exe" | |
| # Generate a random hex (AES key) to serve as entropy (randomness source) for ykpersonalize | |
| $RandomHex = (((32)|%{((1..$_)|%{('{0:X}' -f (random(16)))})}) -Join "").ToLower() | |
| # Run ykpersonalize to generate a random static password in Yubikey's config slot 2 | |
| ykpersonalize -2 -a"$RandomHex" -ostatic-ticket -oshort-ticket -ostrong-pw1 -ostrong-pw2 -y |
neil-sabol
/ Duo-PSModule-Azure-Automation-RunBook-Auth-Example.ps1
Created
February 6, 2021 18:08
See https://blog.neilsabol.site/post/importing-duo-psmodule-mfa-powershell-module-azure-automation. This snippet demonstrates securely providing Duo integration details to the Duo-PSModule in Azure Automation using encrypted Automation Variables.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get Duo integration details from Automation Variables | |
| $duoiKey = Get-AutomationVariable -Name MyDuoiKey | |
| $duosKey = Get-AutomationVariable -Name MyDuosKey | |
| $duoApiHost = Get-AutomationVariable -Name MyDuoHostname | |
| $duoDirID = Get-AutomationVariable -Name MyDuoDirectoryID | |
| # Build the $DuoOrgs hashtable from retrieved Automation Variables | |
| [string]$DuoDefaultOrg = "Personal" | |
| [Hashtable]$DuoOrgs = @{ | |
| Personal = [Hashtable]@{ |
neil-sabol
/ Duo-PSModule-Azure-Automation-RunBook-User-Sync-Example.ps1
Created
February 6, 2021 18:16
See https://blog.neilsabol.site/post/importing-duo-psmodule-mfa-powershell-module-azure-automation. This snippet demonstrates securely providing Duo integration details to the Duo-PSModule in Azure Automation using encrypted Automation Variables and forcing a directory synchronization cycle for all Duo users.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get Duo integration details from Automation Variables | |
| $duoiKey = Get-AutomationVariable -Name MyDuoiKey | |
| $duosKey = Get-AutomationVariable -Name MyDuosKey | |
| $duoApiHost = Get-AutomationVariable -Name MyDuoHostname | |
| $duoDirID = Get-AutomationVariable -Name MyDuoDirectoryID | |
| # Build the $DuoOrgs hashtable from retrieved Automation Variables | |
| [string]$DuoDefaultOrg = "Personal" | |
| [Hashtable]$DuoOrgs = @{ | |
| Personal = [Hashtable]@{ |
OlderNewer