@Torxsmind
Torxsmind / hybrid_on_guest_wifi.txt
Created January 15, 2024 17:36
Hybrid Joined Devices on Known network
SigninLogs
| where parse_json(tostring(parse_json(NetworkLocationDetails)[0].networkNames))[0] == "Guest WiFi"
| where DeviceDetail.trustType == "Hybrid Azure AD joined"
| extend displayName_ = tostring(DeviceDetail.displayName)
| project UserPrincipalName, displayName_
| summarize count() by UserPrincipalName, displayName_
| sort by count_
Torxsmind / Powershell_Fortinet_FSSO_Collector_inboutd_firewall_rules.ps1
Created December 31, 2023 15:18
Create Windows firewall rules to allow Fortigate FSSO Collector inbound communications.
<#
https://community.fortinet.com/t5/FortiGate/Technical-Tip-List-of-TCP-and-UDP-ports-used-by-the-FSSO/ta-p/194130
UDP/8002 – DC Agent keepalive and push logon info to Collector Agent
TCP/8001 – FortiGate to FSSO Collector Agent connection (SSL)
TCP/8000 – FortiGate to FSSO Collector Agent connection
TCP/8000 – NTLM
#>
$fgtIP = '192.168.0.1'
$DCs = @('192.168.0.51', '192.168.0.52', '192.168.0.61', '192.168.0.62')
Torxsmind / tail_defender_log.ps1
Last active December 29, 2023 00:34
Tail Windows Defender Firewall Logs
get-content $env:systemroot\system32\LogFiles\Firewall\pfirewall.log | Select-Object -Last 20
Torxsmind / get_nic_ip_info-create_set_script.ps1
Created September 16, 2021 01:11
Script to grab a NIC IP information, then create a secondary script to set the config back
### Set Common Parameters ###
$now = Get-Date -UFormat "%Y-%m-%d_%H-%M-%S"
$extNIC = "Ethernet"
$extSM = "255.255.255.0"
$outpath = "c:\temp\"
$outscriptname = "setIP_postwork.ps1"
$outfile = $outpath + $outscriptname
$CheckFilePath = Test-Path $outfile
## Get the current IPv4 info for external NIC ##
$NetIPextnic = (Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias $extnic)
Torxsmind / get-all_ad_user_properties.ps1
Created April 9, 2021 13:49
Get all active directory users properties
$now = Get-Date -UFormat "%Y-%m-%d_%H-%M-%S"
$filepath = 'C:\temp\Service_Accounts_' + $now + '.csv'
Get-ADUser -Filter * -Searchbase "DC=domain,DC=com" -Properties * | Export-CSV -append -NoTypeInformation $filepath
Torxsmind / random_rename_files
Created August 27, 2020 01:23
Rename all files in a folder to random name
$files = Get-ChildItem -File -Path "C:\temp\"
ForEach ($file in $files) {
Rename-Item -Path $file.FullName -NewName ([String]$(Get-Random) + $file.Extension)
}
Torxsmind / Azure_Config_change
Created August 11, 2020 13:39
Azure log analytics samples for VM Configuration changes
# Changes
ConfigurationChange
| take 5
# Data
ConfigurationData
| take 5
# Changes by Computer
ConfigurationChange
Torxsmind / remove_WSUS_settings.ps1
Created June 18, 2020 14:05
Override GPO to use WSUS
Remove-Item `
-Path HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate `
-Force `
-Recurse `
-ErrorAction SilentlyContinue;
Stop-Service -Name wuauserv;
Start-Service -Name wuauserv;
(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()
Torxsmind / get_oldest_and_newest_defender_logs
Created June 16, 2020 20:46
get oldest and newest logs from log analytics
// Ascending sort returns the 10 oldest records
let oldest = ProtectionStatus
| where TimeGenerated < ago(1h)
| top 10 by TimeGenerated asc;
// Descending sort returns the 10 newest records
let newest = ProtectionStatus
| where TimeGenerated < ago(1h)
| top 10 by TimeGenerated desc;
union oldest, newest
Torxsmind / PCI-Req2-MFA-Use
Created June 15, 2020 12:49
PCI Requirement2 MFA Proof Azure KQL
SigninLogs
| where Status contains "MFA"
| project TimeGenerated,OperationName,ResultDescription,AuthenticationRequirement,Status.additionalDetails,AuthenticationDetails,ConditionalAccessPolicies