Code Snippets

$contactItems = @() $outlook = New-Object -ComObject Outlook.Application $namespace = $outlook.GetNamespace("MAPI") $contactFolders = ($namespace.Folders | where {$_.Folderpath -like "*Outlook-Datendatei*"}).Folders foreach($contactFolder in $contactFolders){ foreach($contact in $contactFolder.Items){ try{ $contactBirthdayOld = $null $contactBirthdayOld = $contact.PropertyAccessor.GetProperty("http://schemas.microsoft.com/mapi/proptag/0x3A420040") #PidTagBirthday }catch{ # Nothing to do here } if($contactBirthdayOld -ne $null -AND $contactBirthdayOld -notlike ""){ $contactCreationTime = $contact.PropertyAccessor.GetProperty("http://schemas.microsoft.com/mapi/proptag/0x30070040") #PR_CREATION_TIME $contactBirthdayNew = $contact.Birthday try{...

C:\Users\kschweiger>klist Current LogonId is 0:0x1ec5e67d Cached Tickets: (1) #0> Client: kschweiger @ TEST.SYSTEMS Server: krbtgt/TEST.SYSTEMS @ TEST.SYSTEMS KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96 Ticket Flags 0xe10000 -> renewable initial pre_authent name_canonicalize Start Time: 2/21/2025 20:16:48 (local) End Time: 2/22/2025 6:16:48 (local) Renew Time: 2/28/2025 20:16:48 (local) Session Key Type: AES-256-CTS-HMAC-SHA1-96 Cache Flags: 0x1 -> PRIMARY Kdc Called:...

### .NET Framework 4.X Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" -Value 1 -Type DWord Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value 1 -Type DWord Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" -Value 1 -Type DWord Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value 1 -Type DWord ### .NET Framework 3.X Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" -Name "SystemDefaultTlsVersions" -Value 1 -Type DWord Set-ItemProperty -Path...

{ "aud": "6ae19765-6bce-47fe-ab39-fea801fba272", "iss": "https://auth.schweigerstechblog.de/adfs", "iat": 1697447965, "nbf": 1697447965, "exp": 1697451565, "auth_time": 1697447577, "sub": "K9aaS9eMkJiUcrEoaTbXZR90U99U7HlxSKa5CQ2s7oc=", "upn": "kschweiger@schweigerstechblog.de", "unique_name": "SWT\kschweiger", "pwd_url": "https://auth.schweigerstechblog.de/adfs/portal/updatepassword/", "sid": "S-1-5-21-988405549-3412143714-2819284977-3374", "EmployeeID": "01", "Department": "Blogging", "apptype": "Confidential", "appid": "6ae19765-6bce-47fe-ab39-fea801fba272", "authmethod": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", "ver": "1.0", "scp": "openid" }

[PS] C:Windowssystem32>Get-Mailbox test01@test.com | fl EmailAddresses, LegacyExchangeDN EmailAddresses : {smtp:test01@test.de, SMTP:test01@test.com, smtp:test01-smtp@test.com} LegacyExchangeDN : /o=Test/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=9aee20dc504d453781f27fdfade08396-test01

#Exchange Online [PS] C:Windowssystem32> Get-Mailbox test01@test.com Name Alias Database —- —– ——– 32b2bd38-24a0-4ed1-9c5… test01 DEUP281DG201-db215 #Exchange On-Premises [PS] C:Windowssystem32>Get-Mailbox -Identity test01@test.com Name Alias ServerName ProhibitSendQuota —- —– ———- —————– Test01 test01 exc8201 Unlimited

.\CVE-2023-23397.ps1 -Environment OnPrem -UserMailboxes kevin@schweigerstechblog.de -EWSServerURL https://exchange.schweigerstechblog.de/EWS/Exchange.asmx Cmdlet CVE-2023-23397.ps1 an der Befehlspipelineposition 1 Geben Sie Werte für die folgenden Parameter an: Credential CVE-2023-23397 script version 23.03.15.2119 Trying to find Microsoft.Exchange.WebServices.dll in the script folder Microsoft.Exchange.WebServices.dll was found in the script folder Scanning 1 of 1 mailboxes (currently: kevin@schweigerstechblog.de) No vulnerable item found

Log Name: Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin Source: DeviceManagement-Enterprise-Diagnostics-Provider Event ID: 76 Level: Error Description: Auto MDM Enroll: Failed (Unknown Win32 Error code: 0x80180002b)

[PS] C:Windowssystem32> Get-User test01@test.com | fl Name, Displayname, *Recipient* Name : 32b2bd38-24a0-4ed1-9c5e-007d4542d14c DisplayName : test01 PreviousRecipientTypeDetails : UserMailbox RecipientType : MailUser RecipientTypeDetails : MailUser [PS] C:Windowssystem32> Get-User test01@test.com | Set-User -PermanentlyClearPreviousMailboxInfo [PS] C:Windowssystem32> Get-MailUser test01@test.com | Set-MailUser -RemoveDisabledArchive

### Check if Mitigation Service has been enabled for Organization [PS] C:\Program Files\Microsoft\Exchange Server\V15\scripts>Get-OrganizationConfig | select MitigationsEnabled MitigationsEnabled —————— True ### Check if Mitigation Service has been enabled for Exchange Nodes [PS] C:\Program Files\Microsoft\Exchange Server\V15\scripts>Get-ExchangeServer | select Name, Miti* Name MitigationsEnabled MitigationsApplied MitigationsBlocked —- —————— —————— —————— EX0401 True {M1.1, PING1} ### Check already applied...