
# Build a WebRequestSession that carries a desktop Edge user-agent string and a
# set of cookies scoped to .microsoft.com and security.microsoft.com.
# NOTE(review): this has the shape of a browser "Copy as PowerShell" export - confirm.
# Cookie values are shown as <redacted>. Presumably the real values come from a
# signed-in portal session; treat them as secrets and load them at run time
# rather than pasting them into a shared script.
$session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
$session.UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0"
$session.Cookies.Add((New-Object System.Net.Cookie("MC1", "<redacted>", "/", ".microsoft.com")))
$session.Cookies.Add((New-Object System.Net.Cookie("ai_user", "<redacted>", "/", "security.microsoft.com")))
$session.Cookies.Add((New-Object System.Net.Cookie("MicrosoftApplicationsTelemetryDeviceId", "<redacted>", "/", "security.microsoft.com")))
$session.Cookies.Add((New-Object System.Net.Cookie("SSR", "<redacted>", "/", "security.microsoft.com")))
$session.Cookies.Add((New-Object System.Net.Cookie("msresearch", "<redacted>", "/", ".microsoft.com")))
$session.Cookies.Add((New-Object System.Net.Cookie("MSFPC", "<redacted>", "/", "security.microsoft.com")))
# The only cookie left unredacted; its value looks like a regional routing key - TODO confirm.
$session.Cookies.Add((New-Object System.Net.Cookie("X-PortalEndpoint-RouteKey", "wusprod_westus", "/", "security.microsoft.com")))
$session.Coo
nathanmcnulty / gist:8c2e28b76f18dcdec12f78799724cffe
Created September 6, 2024 01:48
CA policy for pim-strong-reauth-compliant-device
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/conditionalAccess/policies/$entity",
"id": "876aef31-50a3-4c79-b77a-7ba8f8941317",
"createdDateTime": "2024-09-06T01:23:30.5342067Z",
"displayName": "PIM - Require strong re-authentication from compliant device",
"state": "enabledForReportingButNotEnforced",
"conditions": {
"clientAppTypes": [ "all" ],
"signInRiskLevels": [ ],
"userRiskLevels": [ ],
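# list of permissions
# Microsoft Graph permission names intended for the app. Every entry is a
# read-only (*.Read.*) permission; how they are granted to the service
# principal is not visible in this excerpt.
[array]$permissions = @(
    "Directory.Read.All"
    "Policy.Read.All"
    "Reports.Read.All"
    "DirectoryRecommendations.Read.All"
    "PrivilegedAccess.Read.AzureAD"
    "IdentityRiskEvent.Read.All"
    "RoleEligibilitySchedule.Read.Directory"
    "RoleManagement.Read.All"
    "Policy.Read.ConditionalAccess"
    "UserAuthenticationMethod.Read.All"
)
# create application
$app = New-MgApplication -DisplayName "Maester DevOps"
# create service principal
# Look up the Microsoft Graph service principal by its well-known appId instead
# of by displayName: display names are not unique in a tenant, so a name filter
# can match zero, one or several objects and .Id would then not be a single
# resource id.
$graphSpId = (Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'").Id
$sp = New-MgServicePrincipal -AppId $app.appId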
nathanmcnulty / gist:7501f7cc6962dcf75d57a4343232535f
Created August 1, 2024 06:01
Logic App for Company Branding Custom CSS
{
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"actions": {
"Condition": {
"actions": {},
"else": {
"actions": {}
},
"expression": {
# Connect to Microsoft Graph
# Only the read scope Application.Read.All is requested; no write scope is asked for.
Connect-MgGraph -Scopes Application.Read.All
# Get all Entra ID applications
# NOTE(review): -All is a switch parameter in the Microsoft Graph PowerShell SDK;
# "-All $true" may try to bind $true positionally on some module versions -
# confirm, or use plain -All.
$allApps = Get-MgApplication -All $true
# Empty array; presumably filled with per-application results further down (not visible here).
$array = @()
# Loop through each application
foreach ($app in $allApps) {
Write-Host "Application Name: $($app.DisplayName)"
# Get Access Token
# Parameters for a POST to the Airthings accounts token endpoint using the
# OAuth2 client_credentials grant, limited to the read:device:current_values scope.
# NOTE(review): client_id and client_secret are literals in the script. If they
# are live values, the secret is exposed to everyone who can read this file and
# should be rotated, then read at run time from a secret store or an
# environment variable instead of being embedded here.
$auth = @{
Method = "POST"
Uri = "https://accounts-api.airthings.com/v1/token"
Body = [Ordered] @{
"grant_type" = "client_credentials"
"client_id" = "49e83d9d-994b-4e8a-962d-a92cc9dfb874"
"client_secret" = "58c5318a-afc0-4d0a-b517-42e650c2289e"
"scope" = "read:device:current_values"
}
nathanmcnulty / gist:f991ad95d356bd43e4b2c5fcc57c2ae2
Created October 24, 2023 22:50
Use LAPS to get user profile folder list
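# For every computer object in AD: read its LAPS-managed local account
# credential, then use that credential to run a remote command that prints the
# computer name and the names of the items in the session's starting directory.
# Each Get-LapsADPassword call reads a protected password, so the account
# running this needs LAPS read rights on every computer it touches.
Get-ADComputer -Filter * | ForEach-Object {
    $computer = $_
    # -ComputerName needs a resolvable host name. An ADComputer object converts
    # to its distinguished name when cast to a string, so pass DNSHostName
    # (falling back to Name) explicitly.
    $target = if ($computer.DNSHostName) { $computer.DNSHostName } else { $computer.Name }

    $laps = Get-LapsADPassword $computer
    # Without this guard a missing or undecryptable password makes the
    # PSCredential constructor fail, and $cred would still hold the previous
    # computer's credential, which would then be presented to this host.
    if (-not $laps -or -not $laps.Account -or -not $laps.Password) {
        Write-Warning "No usable LAPS credential for $target; skipping."
        return
    }

    $cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $laps.Account, $laps.Password
    Invoke-Command -ComputerName $target -Credential $cred -ScriptBlock { $env:COMPUTERNAME; (Get-ChildItem).Name }
}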
nathanmcnulty / EnableAllASRRules
Created February 10, 2022 05:20
Enables all ASR rules using reg in case PowerShell is disabled
REM Writes the ASRRules policy value as a pipe-separated list of "<rule GUID>=<state>" pairs.
REM Every GUID in the list is given state 1; for Defender ASR rules 1 = Block (0 = Disabled, 2 = Audit).
REM The key is under HKLM\SOFTWARE\Policies, so the command has to run elevated.
REM NOTE(review): this enforces Block on all listed rules at once; running the same list with =2 (Audit)
REM first shows which applications would be affected before enforcement.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager" /v ASRRules /t REG_SZ /d "56a863a9-875e-4185-98a7-b882c64b5ce5=1|7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c=1|d4f940ab-401b-4efc-aadc-ad5f3c50688a=1|9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2=1|be9ba2d9-53ea-4cdc-84e5-9b1eeee46550=1|01443614-cd74-433a-b99e-2ecdc07bfc25=1|5beb7efe-fd9a-4556-801d-275e5ffc04cc=1|d3e037e1-3eb8-44c8-a917-57927947596d=1|3b576869-a4ec-4529-8536-b80a7769e899=1|75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84=1|26190899-1602-49e8-8b27-eb1d0a1ce869=1|e6db77e5-3df2-4cf1-b95a-636979351e5b=1|d1e49aac-8f56-4280-b9ba-993a6d77406c=1|b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4=1|92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b=1|c1db55ab-c21a-4637-bb3f-a12568109d35=1"
# Fetch the Microsoft download confirmation page (id=56519), follow the first
# link on it that ends in .json, and print the IPv4 address prefixes listed
# under the entry named AzureAdvancedThreatProtection.
# NOTE(review): the JSON URL is scraped from the page's links; if the output
# feeds firewall allow-lists, presumably worth checking the link's host before
# fetching it.
$downloadPage = Invoke-WebRequest -Uri "https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519" -UseBasicParsing
$jsonUrl = ($downloadPage.links.href | Where-Object { $_ -like "*.json" })[0]
$tagFile = Invoke-RestMethod -Uri $jsonUrl
$atpEntry = $tagFile.values | Where-Object { $_.name -eq "AzureAdvancedThreatProtection" }
# Prefixes containing ":" are IPv6 notation; keep only the others.
$atpEntry.properties.addressPrefixes | Where-Object { $_ -notlike "*:*" }
nathanmcnulty / RockwellUpdates.ps1
Last active October 10, 2021 05:30
Gets a list of fully qualified Rockwell updates and stores them in $results
# Seed $results with a single string that reads as a CSV header row
# (Recommendation, CPR, OS, KB, URL); rows are presumably appended later.
[array]$results = "Recommendation,CPR,OS,KB,URL"
(Invoke-WebRequest -Uri "https://www.rockwellautomation.com/ms-patch-qualification/Tabs3_new.htm").links.href | ForEach-Object {
$response = Invoke-WebRequest -Uri "https://www.rockwellautomation.com/$_"
[array]$content = $response.ParsedHtml.body.innerHTML -split "`r`n" | Where-Object { $_ -match '<TD class' } | ForEach-Object { $_.Split('<>')[2..3] } | Where-Object { $_ -ne "" }
$content | ForEach-Object {
if ($_ -eq "Fully Qualified") { $fq = $true }
if ($fq) {
if ($_ -like "SR*") { $sr = $_}
if ($_ -in "2012R2","Win8_1x64","2016","Win10","2019","Win10_20H2") { $os = $_}
if ($_ -like "*support.microsoft.com*") { $url = $_.Split('"')[1] }