Steve J. s4parke
@s4parke
s4parke / Remove-ASCDefaultPolicyAssignment.ps1
Last active July 11, 2022 15:45
Removes ASC Default policy assignment at subscription level.
<#
.Synopsis
Forked from: https://github.com/Azure/Microsoft-Defender-for-Cloud
Can be used when there are dual levels of ASC policy assignments, at both management group and subscription level. If you want the ASC policy to be inherited correctly from the management group,
this script removes the ASC Default policy assignment at subscription level by doing the following steps:
1. Seeking all of your management groups and a match for an ASC Default definition in the policy assignments at management group level.
@s4parke
s4parke / Get-AzLastCall.ps1
Last active January 29, 2024 05:53
Get the last caller from the ActivityLog on a resource or resource group. Useful to find who, what & when.
function Get-AzLastCall {
<#
.SYNOPSIS
Get the last caller from the ActivityLog on a resource or resource group.
Useful to find who, what & when.
.DESCRIPTION
Inputs: ResourceGroupName (required) and ResourceName (optional).
Outputs: Array-list of PSEvent Objects
@s4parke
s4parke / gist:587f7939f6bb93debd4b8c446559d583
Created March 29, 2022 17:39 — forked from rxaviers/gist:7360908
Complete list of github markdown emoji markup

People

:bowtie: :bowtie: 😄 :smile: 😆 :laughing:
😊 :blush: 😃 :smiley: ☺️ :relaxed:
😏 :smirk: 😍 :heart_eyes: 😘 :kissing_heart:
😚 :kissing_closed_eyes: 😳 :flushed: 😌 :relieved:
😆 :satisfied: 😁 :grin: 😉 :wink:
😜 :stuck_out_tongue_winking_eye: 😝 :stuck_out_tongue_closed_eyes: 😀 :grinning:
😗 :kissing: 😙 :kissing_smiling_eyes: 😛 :stuck_out_tongue:
@s4parke
s4parke / Search-SendersAndDomains.ps1
Created January 26, 2022 16:22
Search for Blocked or Trusted Senders and Domains in Exchange Online
function Search-BlockedSendersAndDomains {
<#
.DESCRIPTION
Search by keyword in a user's blocked senders and domains.
Wildcards are automatically added before and after the search string.
.PARAMETER Identity
Email address of the user. "[email protected]".
.PARAMETER Term
@s4parke
s4parke / password.txt
Last active September 27, 2022 15:37
qpdf bash script to remove PDF passwords
--password=THISISTHEPDFPASSWORD
@s4parke
s4parke / security-alert-entity-extraction.kql
Created January 4, 2021 18:18
[KQL] Entity extraction for Azure Security Alerts
// Extract the entities for high severity AATP alerts
SecurityAlert
| where ProviderName == "Azure Advanced Threat Protection"
| where AlertSeverity == "High"
| extend Ent = parse_json(Entities)
| mvexpand Ent
| extend AccountCustomEntity = tostring(Ent.Name)
| extend HostCustomEntity = tostring(Ent.HostName)
| extend IPCustomEntity = tostring(Ent.Address)
@s4parke
s4parke / gist:0f991d604c03b5c4fccb230ddb10aeb4
Created January 4, 2021 17:57
Extract Entities for incident Creation for AATP
// Extract the entities for high severity AATP alerts
SecurityAlert
| where ProviderName == "Azure Advanced Threat Protection"
| where AlertSeverity == "High"
| extend Ent = parse_json(Entities)
| mvexpand Ent
| extend AccountCustomEntity = tostring(Ent.Name)
| extend HostCustomEntity = tostring(Ent.HostName)
| extend IPCustomEntity = tostring(Ent.Address)
@s4parke
s4parke / photo-meta.sh
Last active October 3, 2019 22:11
Create sidecar files for each photo in a directory.
#!/bin/bash
shopt -s nullglob
PHOTOS=$HOME/tmp/pics/
for p in "$PHOTOS"/*.jpg
do
# $p already holds the full path to the photo, so the sidecar files are written next to it
printf 'Creating XMP sidecar file for %s ...\n' "$p"
touch "$p.xmp.xml"
printf '\n\n Creating SHA256 sidecar file for ... %s\n' "$p"
openssl dgst -sha256 "$p" > "$p.sha.txt"
@s4parke
s4parke / Digital Signature.sh
Last active August 14, 2019 20:01
Server-side commands to create digital signature for image
# Make a hash of the image data
openssl dgst -sha256 wreckage.jpg > digest.txt
# Make a hash of DC metadata from XMP sidecar file
xml sel -N dc="http://purl.org/dc/elements/1.1/" -t -m "//dc:title" -c . -m "//dc:creator" -c . -m "//dc:description" -c . -n gator-meta.jpg.xml | openssl dgst -sha256 >> digest.txt
# Sign and base64 encode the digest
openssl rsautl -sign -inkey private_key.pem -keyform PEM -in digest.txt | base64 > signature
# Put the signature into the XMP sidecar file
@s4parke
s4parke / truncate-participant-data.sql
Last active August 21, 2018 18:16
Clear out participant data from old SHUTi codebase site
-- USE shuti_private_production;
UPDATE participant_private_data SET
participant_id = 999999,
prop_value_binary = 1,
prop_value_boolean = 1,
prop_value_integer = 999999,
prop_key = 'Zxd2lcwZUPDy1Aqv3dQpjOIhqOxqVJeBsy307mjijZ5gD9LHNB0N7GZoXfRTiN3JSDvOpjyu0k7UVm6Fr6k4m9I8kbAg23E3emZ0VitX3Cy46RJ01h0Pw6H07SH5skumig60p5PNolR2HUklD4eBVXqCXCSsodQbaHGjgUaIz1Z8ydRvURo3gzGKvSG48keEivOgPFV8',
prop_value = '1DqGViFRX8fHWRcD7Q4Rjjzinvf1pgWqXSM8o3DBkFxYrNOqjqUcUwNBPH33q03xpTbjbAOYgwnTiEgx5WWOk5QukDVKW8p5PQ9WOrzXZMnoZ3EFINWsp5XB88sz91N6a8P59aH4M5jIewOqfuJMybH2uKIe0nIcaDeapuQMRYigo33uUpR8rRhAj4FNxUlf2PLYjEerw9pTyMGeSmSN7lsteR2hYw3RzR25VEC2TxgkK3uDeT6BBFDfpq',
prop_value_text = 'fFiii6z9r071aNawt95XKfD9g8t6AyeYxGTzRkULiTz8zn9GL0NcFEyltwNplprNpGfKHNZ8yNqoZIo2JsaP6OnhmOb7hXij7z1YKqtheABKtsZ6NHiFSpEpLVqfnNiDAimo1PZXbejen2SnAMEfGtXrFD7W9oXswMIH19vONAe4LlrhfstaKUaGT7soeMAl8Kmaqe63uUttEOGn3W7jIY1L7YsYlSFam7rrXfTxkNBpBkkW6muyUES3mMKA8zwTARV4BuRoBJOFQZ7Rc98ngq4FqVahu16EVWUN5WKui8Kzq0bCzA8UIzq9Mp87tS9q0r0AruEKMaay1P