Tuesday, August 15, 2023

Websites that disable right click and highlight bypass

Using Google Chrome or MS Edge:

Disable Javascript post page load.
1. Open console in dev tools
2. press ctrl - alt - p
3. In the run dialog blox type in javascript and select 
"Disable Javascript"

Disable CSS from loading 
1. Open console in dev tools
2. press ctrl - alt - p
3. In the run dialog box type in "Network request blocking"
4. on the drawer that appears check "Enable Network request blocking"
5. Click the plus button and add pattern
6. type in pattern "*.css"

Tuesday, June 20, 2023

Powershell - Microsoft Graph reports - Get MFA status of users.

Requires an App Registration be setup with proper API permissions and a self-signed certificate for authentication to it.


Select-MgProfile -Name "beta"

$TenantId = "XXXXX"

$AppId = "XXXXX"

Connect-MgGraph -ClientId $AppId -TenantId $TenantId -CertificateThumbprint "XXXXXXX"

$report = Get-MgReportCredentialUserRegistrationDetail -all

$report| select @{name="AuthMethods";e={$_.AuthMethods -join ","}},IsCapable,IsEnabled,IsMfaRegistered,IsRegistered,UserDisplayName,UserPrincipalName | Select UserPrincipalName,UserDisplayName,IsCapable,IsEnabled,IsMfaRegistered,IsRegistered,AuthMethods | export-csv -NoTypeInformation -Path "c:\reports\MFA - MFA Audit Logs.csv"


Thursday, June 1, 2023

Custom View for Events NTLMv1 on a DC


  <Query Id="0" Path="Security">

    <Select Path="Security">*[System[(EventID=4624)] and EventData[Data[@Name='LmPackageName']='NTLM V1']]</Select>



Friday, March 17, 2023

Powershell: Get all DNS records from AD DNS

  # Load the DNS Server module
Import-Module DnsServer

# Set the output folder
$outputFolder = "C:\temp\Final"
$DNSServer = DNSServer.com
# Get all DNS zones
$zones = Get-DnsServerZone -ComputerName $DNSServer

# Loop through each zone and export its records to a separate CSV file
foreach ($zone in $zones) {
    $records = Get-DnsServerResourceRecord -ZoneName $zone.ZoneName -ComputerName $DNSServer| `
     select hostname,`
     @{n='Data';e={$rr = $_;`
     switch ($rr.RecordType) {
        'A'     {$rr.RecordData.IPv4Address}
        'CNAME' {$rr.RecordData.HostnameAlias}
        'NS' {$rr.RecordData.NameServer}
        'SOA' {$rr.RecordData.PrimaryServer}
        'SRV' {$rr.RecordData.DomainName}
        'PTR' {$rr.RecordData.PtrDomainName}
        'MX' {$rr.RecordData.MailExchange}
        'AAAA' {$rr.RecordData.IPv6Address}
        'TXT' {$rr.RecordData.DescriptiveText}
    $outputFile = "$outputFolder\$($zone.ZoneName).csv"
   $records | Export-Csv -NoTypeInformation -path $outputFile

# Output confirmation message
Write-Host "DNS records exported to $outputFolder."

Thursday, February 2, 2023

Powershell: AD DHCP scope information

Needed a script to export dhcp scope and scope id for a domain.

  $report = @()
  $DHCPServer = DHCPServerHostname
  $scopes =Get-DhcpServerv4Scope -ComputerName $DHCPServer
  foreach ($scope in $Scopes){
    $scopeID = $scope.ScopeId
    $report += Get-DhcpServerv4OptionValue -ScopeId $scopeID -ComputerName $DHCPServer |`
    select @{name="ScopeID";e={$scopeID}},OptionID,Name,Type,@{Name="Value";e={$_.value -join ";"}
    $report | export-csv -NoTypeInformation -path "c:\temp\DHCPScopeIDwithOption.csv"
    $scopes | export-csv -NoTypeInformation -path "c:\temp\DHCPScopeIDwithMask.csv"

Monday, August 9, 2021

Powershell - Extract ADFS certificates from ADFS server

Wrote script so people specify the adfs server and the signature and encryption certificate will extract the certs to two files stored in c:\temp

# just put in the ADFS server name 

$AdfsServer = 'adfs.microsoft.com'

[xml]$XmlDocument = (New-Object System.Net.WebClient).DownloadString("https://$AdfsServer/FederationMetadata/2007-06/FederationMetadata.xml")

#ADFS Signing Certificate

$Cert = $xmldocument.entitydescriptor.roledescriptor.keydescriptor | select Use,@{Name="x509"; Expression={(($_.keyinfo).X509data).x509certificate}}

#Sign Cert

$cert | ? {$_.use -eq "signing"} | select -ExpandProperty x509 | out-file c:\temp\Signcert.cer

#Encryption Cert

$cert | ? {$_.use -eq "encryption"} | select -ExpandProperty x509 | out-file c:\temp\Encryptioncert.cer


Wednesday, July 29, 2020

Powershell - Get certificate information

 List Certificate Templates

function get-CertificateTemplates {
[CmdletBinding()] Param (
     [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)]
$DefaultPartition = Get-ADDomainController -Server $forest | select -expand DefaultPartition

$configcontext = "CN=Configuration,$($DefaultPartition)"
$ADSI = [ADSI]"LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services,$ConfigContext"

$ADSI.Children | Sort-Object Name | Select-Object DisplayName, Name, msPKI-Cert-Template-OID

List Certificate CDP info

function get-CertificateCDP {
[CmdletBinding()] Param (
     [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)]

$DefaultPartition = Get-ADDomainController -Server $forest | select -expand DefaultPartition

$configcontext = "CN=Configuration,$($DefaultPartition)"
$ADSI = [ADSI]"LDAP://CN=cdp,CN=Public Key Services,CN=Services,$ConfigContext"

$ADSI.Children  | select cn,Children,path

List Certificate Auhtorities in forest - requires activedirectory module

function get-CertificationAuthorities {
[CmdletBinding()] Param (
     [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)]

$DefaultPartition = Get-ADDomainController -Server $forest | select -expand DefaultPartition

$configcontext = "CN=Configuration,$($DefaultPartition)"
$ADSI = [ADSI]"LDAP://CN=Certification Authorities,CN=Public Key Services,CN=Services,$ConfigContext"

$ADSI.Children | select name,whenCreated