@rezamt
rezamt / errorcodes.md
Created May 26, 2025 12:33
Entra Error Codes

AADSTS Error Codes Categorized

User Account & Identity Issues

  • AADSTS16000: User account doesn't exist in tenant and can't access the application. [cite: 1]
  • AADSTS16003: User hasn't been explicitly added to the tenant. [cite: 9]
  • AADSTS50014: User account doesn’t exist in the directory (Guest user in pending state). [cite: 59]
  • AADSTS50015: User requires legal age group consent. [cite: 62]
  • AADSTS50020: User account from identity provider does not exist in tenant and cannot access the application. [cite: 66]
  • AADSTS50034: User account not found; account must be added to the directory. [cite: 79]
  • AADSTS50053: Account is locked (too many incorrect sign-in attempts) or sign-in blocked from malicious IP. [cite: 86, 87]
@rezamt
rezamt / deepseek.md
Last active May 27, 2025 04:52
Signins error codes

DeepSearch Critical Error Codes to Monitor:

AADSTS50000 - TokenIssuanceError (Sign-in service issue)

AADSTS50001 - InvalidResource (Resource disabled or doesn't exist)

AADSTS50053 - IdsLocked (Account locked due to suspicious activity)

AADSTS50055 - InvalidPasswordExpiredPassword (Password expired)

@rezamt
rezamt / report.spl
Created May 21, 2025 06:51
splunk-report
index=your_index_name sourcetype="your_sourcetype" IsInteractive=true
| eval week=strftime(_time, "%U"), day=strftime(_time, "%Y-%m-%d")
| eval Result=if(ResultType="0", "Success", "Failure")
| eval weekLabel=case(relative_time(now(), "@w0") <= _time, "This Week", relative_time(now(), "-1w@w0") <= _time AND _time < relative_time(now(), "@w0"), "Last Week", "Other")
| search weekLabel="This Week" OR weekLabel="Last Week"
| stats count by day, weekLabel, Result
| eval Label=case(
    Result="Success" AND weekLabel="This Week", "Current Success",
    Result="Failure" AND weekLabel="This Week", "Current Failure",
    Result="Success" AND weekLabel="Last Week", "Success Trend (Last Week)",
    Result="Failure" AND weekLabel="Last Week", "Failure Trend (Last Week)")
@rezamt
rezamt / Check CSV.ps1
Last active May 2, 2025 02:00
GPOCheck
# Get-CsvData is a helper not shown in this gist; Import-Csv -Path is the built-in equivalent
$gpoList = Get-CsvData -FilePath "gpo-data.csv"
$gpoList | ForEach-Object {
    # Resolve each CSV row's ID to the live GPO object in the domain
    $gpo = Get-GPO -Guid $_.ID
    # Write-Output "$($gpo.Id),$($gpo.DisplayName),$($gpo.Owner)"
    $gpo
}

Lookup invalid Authentication Method

| makeresults count=6
| streamstats count as _n
| eval method=case(
    _n=1,"Windows Hello for Business",
    _n=2,"Microsoft Authenticator push",
    _n=3,"Pincode",
    _n=4,"Microsoft Authenticator push",
@rezamt
rezamt / README.md
Created April 2, 2025 11:47
Workload Identity

https://nicolasuter.medium.com/why-you-should-use-entra-workload-identity-federation-dfe8b6b626a1

When can I use Workload Identity Federation?

Which scenarios support “Workload identity Federation”?

  • Workloads running on any Kubernetes cluster (Azure Kubernetes Service (AKS), Amazon Web Services EKS, Google Kubernetes Engine (GKE), or on-premises)
  • GitHub Actions (CI / CD Pipelines) [2]
  • GitLab (CI / CD Pipelines) [3]
  • Workloads / VMs Google Cloud
  • Workloads / VMs running in Amazon Web Services (AWS)
@rezamt
rezamt / RSA - Reference
Created October 8, 2024 00:16
RSA reference architecture
# Framework
# Reference Architecture
https://www.youtube.com/watch?v=1fjXNfIysbg&t=2612s
@rezamt
rezamt / README.md
Created October 1, 2024 13:29
SAML Signing Benefits

Enforcing signed SAML authentication requests offers several key benefits:

Enhanced Security:

By requiring signed requests, you ensure that the authentication requests are coming from a trusted source. This helps prevent unauthorized access and reduces the risk of man-in-the-middle attacks.

Data Integrity:

Signed requests guarantee that the data within the authentication request has not been tampered with during transmission. This ensures the integrity of the authentication process.

Compliance:

Many regulatory frameworks and security standards require the use of signed authentication requests to ensure secure data exchange. Enforcing signed requests helps organizations meet these compliance requirements.

@rezamt
rezamt / risk.md
Created September 30, 2024 03:19
opai
  1. Data Privacy: Understand what type of data Copilot is accessing. Does it have access to sensitive, personal, or confidential information (like customer data, codebases, or proprietary documentation)? Review the privacy policies and how your data is stored, transmitted, and used.
  2. Permission Levels: Ensure that Copilot is operating under the principle of least privilege, meaning it should only access the minimum amount of data necessary for its function. Verify that user roles and permissions are well-defined and properly implemented.
  3. Data Retention and Usage: Look into how long Copilot retains your data and for what purpose. Make sure the retention policies align with your organization’s compliance and data protection requirements. Can you delete or anonymize the data if necessary?
  4. Security Protocols: Evaluate the security measures in place. Does Copilot use encryption (both in transit and at rest)? What security frameworks and standards does it follow (e.g., SOC 2, ISO 27001)?
  5. Audit and Monitor
@rezamt
rezamt / yamlconfig.md
Created September 8, 2024 10:13
powershell

Read YAML and generate Markdown

param(
    [Parameter(Mandatory=$true)]
    [string]$YamlFilePath,

    [Parameter(Mandatory=$true)]
    [string]$OutputMarkdownPath
)