.pwsh

1. Generate a ECDSA private/public key using openssl Generate private key openssl ecparam -name prime256v1 -genkey -noout -out private.pem Generate a public key from our private key openssl ec -in private.pem -pubout -out public.pem 2. Strip out header, footer and decode base64 The ImportECPrivateKey method expects the key without the header, footer and as decoded base64 byte[]. $privkey = Get-Content private.pem $privkey = $privkey.Replace("-----BEGIN EC PRIVATE KEY-----", "") $privkey = $privkey.

For many, Powershell is associated with Windows. But did you know that it works just as good on MacOS and several Linux distributions? Ever since Powershell 6 (named Powershell Core) it has had support for running on multiple platforms, and it keeps getting better at each new version. Powershell is now at version 7.4.1 at the time of writing, and Powershell 7.5 is around the corner. I’ve been using Powershell as my main shell on MacOS since about two years ago.

Since Microsoft will deprecate the AzureAD, AzureADPreview and MSOnline modules sometime after 30. June 20231, many of us will have to migrate our scripts/modules to use the Microsoft Graph Powershell SDK or REST API. Recently, I’ve been migrating one of my company’s Powershell modules from using AzureAD and MSOnline to Microsoft Graph. This includes finding a replacement in Microsoft Graph for about 25 different cmdlets from these two modules. During this process I’ve gathered some useful tips for the journey that I want to share.

In this article I’m briefly looking at some options for securely handling secrets in Powershell scripts, so that we can avoid hard coded credentials and strengthen our security. Service Principal with certificate One of the most common approches when using a service principal is to setup a password (secret), so that you authenticate using a client_id and client_secret. But if these are stored in a script they can easily be exploited.

HTTP Basic Authentication is one of many authentication schemes supported by the HTTP protocol, and is a very common option when authenticating to a web service. The basic authentication scheme is very simple and consists of generating a base64 token from your username and password seperated by a colon (:) and putting the token in an Authorization HTTP header. Let’s explore some examples in Powershell. Manually creating the token Let’s start with an example from scratch.

As automators we often need to interact with REST API’s and if you are working with Microsoft Azure you probably found yourself dealing with several of Microsoft’s services i.e Microsoft Graph, Azure Resource Manager or Partner Center. Many of these services is supported by a Powershell module that handles authentication etc.. But I have found lately that more often than not it’s actually easier to just work with the raw REST API, especially for cross-platform development.

Microsoft Partner Center is a portal where you can manage all of your CSP customers and can give you a lot of access and power to do so. Therefor you should naturally have great security on the users that has access to this portal. Like MFA for example. Hopefully you have MFA enabled on all your Partner Center users, as you should. But MFA does not work great with unattended authentication, like in scripts for example.

If you are sending web requests with Powershell you will notice that if your requests fails, that is if it returns any status code other than 2xx, it will thrown an error. Now, how do get the details of the failed request? StatusCode In Powershell, when you use Invoke-WebRequest or Invoke-RestMethod, it will give you details about the failed request in the $_.Exception.Response object. Let’s say you want to know if the error is because of a bad request or an internal server error, you can do this:

Today I went back to some Powershell scripting with the Az module and it frustrated me that I wasn’t easily able to know what properties Get-AzADGroup (or any of the other Az cmdlets) returned to me without actually invoking the cmdlet. E.g I dont want to invoke New-AzADGroup just to be able to see what properties it will give me so I can use that in my script. Previously I’ve relied on IntelliSens in my editor, but it often fails, so I sought out to find a more manual solution (who would have thought.

Some Terraform projects can grow really big and I can be hard to keep track of which Azure resources are in use. Recently I found myself wanting to know which Azure resources our Terraform project use so that I could document them internally. It could also be helpful in case there has been some major changes to some resources in the azurerm Terraform provider that you want to check. This, not so little, one-liner will list all azurerm_ and azuread_ resources uniquely in your entire Terraform project if you run it from your root module.

Ever found yourself wanting to copy the output from a command to your clipboard without having to select it first? Or maybe copy the contents of a file, like a config file? In this short article we’re going to cover how to do that in Windows, MacOS and Linux with Powershell. The powershell way Powershell 7 has a built-in cross platform cmdlet for both getting and setting your clipboard. PS> "Hello, World!

By default, when you use the -InFile parameter of Invoke-RestMethod Powershell will send it as application/octet-stream. In this short article we’ll look at how to send that file with multipart/form-data instead which is what most forms on the web use. To send multipart/form-data with Powershell we can use the -Form parameter which takes a hashtable of fields and values. I couldn’t find a service that would allow us to test file uploads for free, so in this example we’re going to use the Confluence Cloud REST API to upload an attachment to a page.

For years I’ve been a fan of the linux bash, with easy support for ssh-keys, colorized directory listings and git info the prompt. But at the same time, I really love Powershell. I have finally found some usefull Powershell modules that has made me switch completly to Powershell in the terminal. Colorized Directory Listings The first module I’m going to introduce is the Get-ChildItemColor module by Joon Ro (github.com/joonro/Get-ChildItemColor). This module will override the Out-Default cmdlet and give you colorized directory listings when using Get-ChildItem or ls.

Azure Functions is one of Microsofts serverless services that you can setup in Azure. Being serverless means that you dont have to worry about the infrastructure and environment behind it and you will only pay for the capacity that you actually use when the function is running. Traditionally you would have a server that runs 24/7 and consume capacity. Very simplified, serverless will spin up and down as requests comes in.

From time to time you might need to share one or more of your meeting rooms with external users. In this posts we’re going through three options for how you can enable this. Other options do exists (like connecting an Office 365 tenant to another and so), but this post is meant for the time you need to give temporary access or only to one or more users. Disclaimer: I have only tried this is Exchange Online.

A very nice feature of Windows 10 is Windows Spotlight who serves beautiful wallpapers on your lock screen every day. It’s a shame these beautiful images are hidden in a system folder somewhere in Windows, so today I’m going to show you how you can extract these images with Powershell. You could perfectly do this manually, but since these images change periodically (haven’t found any info on when) its much easier to just run a script.

In this guide we’ll take a look at how you can scan your tenant for “hidden” forwarding rules by using Powershell with Exchange Online. Why One technique that is common amongs hackers, that gain access to email accounts, is to setup a forwarding rule for all incomming email. That way they can read all new emails sent to the victim without beeing flagget or detected by audit logs. They can also create rules for emails from a specific address that go to a folder the hacker controls, ie password reset emails.