Santiago Squarzon santisq

class JwtAssertion {
[System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate
hidden [System.Text.Encoding] $encoding = [System.Text.Encoding]::UTF8
hidden [hashtable] $claims = @{
# exp: 5-10 minutes after nbf at most
exp = [System.DateTimeOffset]::UtcNow.AddMinutes(5).ToUnixTimeSeconds()
# jti: a GUID, unique identifier for the request
jti = [guid]::NewGuid().ToString()
$stream = [System.IO.MemoryStream]::new([System.Text.Encoding]::UTF8.GetBytes(@'
[
{
"DomainName": "example1.com",
"DomainNetBIOSName": "EXAMPLE1",
"IDRanges": [
{ "RangeStart": 2000, "RangeEnd": 2999, "Attribute": "uidNumber", "AccountType": "Computer" },
{ "RangeStart": 3000, "RangeEnd": 3999, "Attribute": "uidNumber", "AccountType": "MSA" },
{ "RangeStart": 4000, "RangeEnd": 4999, "Attribute": "gidNumber", "AccountType": "Group" },
{ "RangeStart": 5000, "RangeEnd": 5999, "Attribute": "uidNumber", "AccountType": "AdmAccount", "IDGeneration": { "Type": "Calculation", "RefDomain": null } },
santisq / managementGroupReport.ps1
Last active March 12, 2024 18:47
Script to report on Tenant Management Groups using Resource Manager API, KQL and PowerShell
$subIdContext = @{
Stage = 'xxxxx-xxxxx-xxxxx-xxxx'
Prod = 'xxxxx-xxxxx-xxxxx-xxxx'
}
if ($connected.Count -ne 2) {
$connected = @(
Connect-AzAccount -Subscription $subIdContext['Prod'] -SkipContextPopulation
Connect-MgGraph
)
santisq / notsoprivate.ps1
Created January 27, 2024 05:59
not so private powershell
$private:hash = @{ foo = 'bar' }
& {
$type = $ExecutionContext.SessionState.PSVariable.GetType()
$method = $type.GetMember('GetValueAtScope', [System.Reflection.BindingFlags] 'Instance, NonPublic')
$method.Invoke($ExecutionContext.SessionState.PSVariable, ('hash', 'global'))['foo'] = 'nope'
}
$private:hash
santisq / subscriptionReport.ps1
Last active January 30, 2024 16:51
Script to report on Tenant Subscriptions using Resource Manager API, KQL and PowerShell
Connect-AzAccount -Subscription $subIdContext['Prod']
Connect-MgGraph
class Identity {
[string] $Id
[string] $DisplayName
[string] $Type
Identity([hashtable] $identity) {
$this.Id = $identity['id']
Add-Type -Assembly System.Windows.Forms
[System.Windows.Forms.Application]::EnableVisualStyles()
$MainForm = New-Object System.Windows.Forms.Form
$MainForm.Width = 420
$MainForm.Height = 200
$MainForm.FormBorderStyle = "Fixed3d"
$MainForm.MaximizeBox = $false
$MainForm.StartPosition = "CenterScreen"
santisq / formstuff.ps1
Created November 6, 2023 20:38
winform with `.DownloadFileAsync` and progress bar
Add-Type -Assembly System.Windows.Forms
[System.Windows.Forms.Application]::EnableVisualStyles()
$form = [System.Windows.Forms.Form]@{
Size = '500, 150'
FormBorderStyle = 'Fixed3d'
}
$btn = [System.Windows.Forms.Button]@{
Name = 'MyButton'

Set up new Azure Data Explorer Table from MyAADLogs

This document details the steps needed to create a new Azure Data Explorer table for ingested logs from Azure Active Directory.

All logs ingested from AAD are written to an ADX table named MyAADLogs. This table is overwritten over and over, hence the need for a parsing function that filters newly ingested logs by their category, constructs new records from them, and writes those records to their corresponding tables.

Query MyAADLogs Table

The first step is to query the MyAADLogs table, filtering by the record.category property and expanding the properties of interest from each record. The same logs can be queried using Log Analytics for comparison. For example, for NonInteractiveUserSignInLogs:

santisq / BinarySearch.perf.ps1
Last active October 10, 2023 18:22
performance test for List<T> and Array BinarySearch Method
[System.Collections.Generic.List[int]] $list = 0..10mb
[int[]] $arr = $list.ToArray()
$ran = 0..100 | ForEach-Object { Get-Random -Maximum 15mb }
$tests = @{
'Array.BinarySearch' = { [array]::BinarySearch($args[0], $args[1]) }
'Array.IndexOf' = { $args[0].IndexOf($args[1]) }
'List.BinarySearch' = { $args[0].BinarySearch($args[1]) }
'List.IndexOf' = { $args[0].IndexOf($args[1]) }
santisq / IModuleAssemblyCleanupTest.ps1
Created September 13, 2023 01:14
how to perform OnRemove in C#
Add-Type '
using System;
using System.Management.Automation;
namespace IModuleAssemblyCleanupTest;
public class Testing : IModuleAssemblyCleanup
{
public void OnRemove(PSModuleInfo psModuleInfo) =>
Console.WriteLine("Hello!");