jpbruckler

# calculate IP address range from CIDR notation and optionally
# provide the full range to iterate over
# https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing

function cidrToIpRange {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$cidrNotation,
        [switch]$IncludeRange,                    # add the Range property
        [switch]$ExcludeNetworkBroadcast          # skip net & broadcast addresses

jpbruckler

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "Entra Group Definitions",
  "type": "object",
  "properties": {
    "tenants": {
      "type": "array",
      "items": {
        "type": "object",
        "required": ["id", "groups"],

jpbruckler

git clone --bare [email protected]:jpbruckler/dotfiles.git $HOME/.dotfiles
function config {
   /usr/bin/git --git-dir=$HOME/.dotfiles/ --work-tree=$HOME $@
}
mkdir -p .config-backup
config checkout
if [ $? = 0 ]; then
  echo "Checked out config.";
  else
    echo "Backing up pre-existing dot files.";

jpbruckler

function Invoke-IamWorkflow {
    <#
    .SYNOPSIS
        Invokes one or more worker scripts in parallel using a runspace pool, passing in items and a shared thread-safe state.

    .DESCRIPTION
        The Invoke-IamWorkflow function takes an array of input objects and an array of worker script names.
        It creates a shared ConcurrentDictionary to store global or aggregated state in a thread-safe manner.
        Each worker script is executed in its own runspace, When all worker scripts have finished executing,
        the function outputs the per-run results as well as the final shared state.

jpbruckler

<#
.SYNOPSIS
    Assigns Data Collection Rules to Azure VMs and Azure Arc servers.

.DESCRIPTION
    This script connects to Azure, retrieves all Windows Azure VMs and Azure Arc
    servers from specified subscriptions, and applies Data Collection Rules to
    them. It is intended to streamline the setup of monitoring across both Azure
    VM and Azure Arc environments by automating the association of DCRs.

jpbruckler

format = """
$os\
$username\
$c\
$dotnet\
$elixir\
$erlang\
$java\
$kotlin\
$lua\

jpbruckler

#Install WinGet
#Based on this gist: https://gist.github.com/crutkas/6c2096eae387e544bd05cde246f23901
$hasPackageManager = Get-Command winget -ErrorAction SilentlyContinue
[version]$version = if ($hasPackageManager) {
    (winget --version).trim('v')
}
else {
    '0.0.0'
}
$releasesUrl = 'https://api.github.com/repos/microsoft/winget-cli/releases/latest'

jpbruckler

function New-DcrXPathFilter {
    <#
    .SYNOPSIS
        Generates an XPath filter based on specified Event IDs and a log name.  

    .DESCRIPTION
        The New-DcrXPathFilter function takes an array of Event IDs, a log name,
        and an optional operator to create an XPath filter. This filter can be
        used to query specific events from the Windows Event Log.   

jpbruckler

Write-Host ("Starting PowerShell Universal upgrade...")

$PSUSettingsPath = (Join-Path -Path $env:ProgramData -ChildPath '\PowerShellUniversal\appsettings.json')
if (-not (Test-Path $PSUSettingsPath)) {
    $PSUSettingsPath = Read-Host ('Unable to find appsettings at {0}. Enter path to appsettings.json' -f $PSUSettingsPath)    
}

$PSUSettings = Get-Content $PSUSettingsPath -Raw | ConvertFrom-Json -Depth 10

$cred = get-credential -Message 'Enter credential for PowerShell Universal Service Account'

jpbruckler

function Get-AttackSurfaceReductionConfig {
    param(
        [switch]$Full
    )

    $guidLookup = @{
        '56a863a9-875e-4185-98a7-b882c64b5ce5' = 'Block abuse of exploited vulnerable signed drivers'
        '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c' = 'Block Adobe Reader from creating child processes'
        'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block all Office applications from creating child processes '
        '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from the Windows local security authority subsystem (lsass.exe) '