Albert Widjaja albert-widjaja
#######
# Finding All Candidate EXPLICIT Allow ACEs To Investigate For dMSA Abuse In AD Domain
#######
Clear-Host
# Execution Date/Time
$datetime = Get-Date
# Local Computer Domain
@nathanmcnulty
nathanmcnulty / graph-api-reports-ca-blocked-sign-ins.txt
Last active May 13, 2025 17:53
Graph API Reports for CA Blocked Sign-Ins
Graph PowerShell:
(Invoke-MgGraphRequest -Uri "/beta/reports/serviceActivity/getMetricsForConditionalAccessBlockedSignIn(inclusiveIntervalStartDateTime=$((Get-Date).AddMinutes(-5).ToString("yyyy-MM-ddTHH:mm:ssZ")),exclusiveIntervalEndDateTime=$((Get-Date).ToString("yyyy-MM-ddTHH:mm:ssZ")),aggregationIntervalInMinutes=5)").value
Logic App:
{
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"contentVersion": "1.0.0.0",
@zjorz
zjorz / Create-Application-In-Entra-ID-And-Exchange-Online-To-Send-Email-From-OnPremises-PoSH-Scripts.ps1
Last active September 28, 2025 22:01
Creating An Application In Entra ID And Exchange Online To Be Used As A "Proxy" To Send Emails From On-Premises PowerShell Scripts
$tenantFQDN = "<TENANT NAME>.ONMICROSOFT.COM" # <= CONFIGURE THIS!!!!!
$appRegDisplayName = "<APPLICATION DISPLAY NAME>" # <= CONFIGURE THIS!!!!!
$credentialType = "<CREDENTIAL TYPE>" # "Secret" OR "Certificate" <= CONFIGURE THIS!!!!!
$lifetimeSecretInDays = 365 # <= CONFIGURE THIS!!!!!
$certCERFilePath = "<CERTIFICATE CER FILE PATH>" # <= CONFIGURE THIS!!!!!
$mailboxMailAddress = "<MAIL ADDRESS OF MAILBOX TO ALLOW TO SEND MAIL FROM>" # <= CONFIGURE THIS!!!!!
Invoke-Command -ArgumentList $tenantFQDN,$appRegDisplayName,$credentialType,$lifetimeSecretInDays,$certCERFilePath,$mailboxMailAddress -ScriptBlock {
Param (
$tenantFQDN,
@nathanmcnulty
nathanmcnulty / gist:8c2e28b76f18dcdec12f78799724cffe
Created September 6, 2024 01:48
CA policy for pim-strong-reauth-compliant-device
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/conditionalAccess/policies/$entity",
"id": "876aef31-50a3-4c79-b77a-7ba8f8941317",
"createdDateTime": "2024-09-06T01:23:30.5342067Z",
"displayName": "PIM - Require strong re-authentication from compliant device",
"state": "enabledForReportingButNotEnforced",
"conditions": {
"clientAppTypes": [ "all" ],
"signInRiskLevels": [ ],
"userRiskLevels": [ ],
@richardhicks
richardhicks / Optimize-DomainControllerTlsCipherSuites.ps1
Last active March 22, 2024 18:53
Disable Insecure TLS Cipher Suites for LDAPS on Domain Controllers
# This Gist is a PowerShell script to set the SSL Cipher Suite Order Group Policy Object (GPO) for Windows Server 2016 and 2019/2022.
# Reference: https://www.dsinternals.com/en/active-directory-domain-controller-tls-ldaps/
# Security optimized cipher suite list for Windows Server 2019/2022
$Ciphers2022 = 'TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
# Security optimized cipher suite list for Windows Server 2016
$Ciphers2016 = 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
$GpoName = 'Domain Controller Security Baseline'
@wtfiwtz
wtfiwtz / block-symbio-networks.txt
Last active May 31, 2025 01:09
Blocking Symbio Networks in Australia - the source of most of the spam, scam and abuse calls
Import this list into an app like "Number Shield" that can block whole number ranges
https://apps.apple.com/au/app/number-shield/id1319082167
https://www.kinnamansoftware.com/number-shield
Full number database for Australia - downloadable from https://www.thenumberingsystem.com.au/#!/number-register/search
I haven't tested this yet, but going to very soon now!
02 3813 7xxx
02 3813 9xxx
@dafthack
dafthack / azure_client_ids.txt
Created June 16, 2023 11:57
A collection of client IDs that can be used to authenticate a user, and their associated application name that shows up in Azure Sign-In logs.
00b41c95-dab0-4487-9791-b9d2c32c80f2 - Office 365 Management
04b07795-8ddb-461a-bbee-02f9e1bf7b46 - Microsoft Azure CLI
0ec893e0-5785-4de6-99da-4ed124e5296c - Office UWP PWA
18fbca16-2224-45f6-85b0-f7bf2b39b3f3 - Microsoft Docs
1950a258-227b-4e31-a9cf-717495945fc2 - Microsoft Azure PowerShell
1b3c667f-cde3-4090-b60b-3d2abd0117f0 - Windows Spotlight
1b730954-1685-4b74-9bfd-dac224a7b894 - Azure Active Directory PowerShell
1fec8e78-bce4-4aaf-ab1b-5451cc387264 - Microsoft Teams
22098786-6e16-43cc-a27d-191a01a1e3b5 - Microsoft To-Do client
268761a2-03f3-40df-8a8b-c3db24145b6b - Universal Store Native Client
@githubfoam
githubfoam / windows ADBA KMS cheat sheet
Last active August 8, 2024 06:17
windows ADBA KMS cheat sheet
==========================================================================================================
#Slmgr.vbs Options for Volume Activation
Attempting to manage an older system from Windows 7 or Windows Server 2008 R2 will generate a specific version mismatch error
==========================================================================================================
#ChatGPT
Explain Key Management Server in windows.
A Key Management Server (KMS) is a feature in Microsoft Windows that allows organizations to activate volume licensed versions of Windows and Office products within their network environment without the need for individual activation keys for each computer.
@githubfoam
githubfoam / windows event logs cheat sheet
Last active November 21, 2025 12:32
windows event logs cheat sheet
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
# PS : ChatGPT makes mistakes, consider "trust but verify" principle
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
#Events to Monitor
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/appendix-l--events-to-monitor
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
#run
eventvwr.msc Event viewer
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Event Viewer(Local)-Windows Logs (shutdown / restart )