diff --git a/atomics/T1098/T1098.yaml b/atomics/T1098/T1098.yaml
index cfcac453..f49c423a 100644
--- a/atomics/T1098/T1098.yaml
+++ b/atomics/T1098/T1098.yaml
@@ -172,9 +172,9 @@ atomic_tests:
 $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "#{username}", $Pword
 Connect-AzureAD -Credential $Credential
- $user = Get-AzureADUser | where-object {$_.DisplayName -eq "#{user_principal_name}"}
+ $user = Get-AzureADUser -Filter "DisplayName eq '#{user_principal_name}'"
 if ($user -eq $null) { Write-Warning "User not found"; exit }
- $role = Get-AzureADDirectoryRole | where-object {$_.DisplayName -eq "#{role_name}"}
+ $role = Get-AzureADDirectoryRole -Filter "DisplayName eq '#{role_name}'"
 if ($role -eq $null) { Write-Warning "Role not found"; exit }
 Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $user.ObjectId
 Write-Host "User $($user.DisplayName) was added to $($role.DisplayName) role"
@@ -184,9 +184,9 @@ atomic_tests:
 $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "#{username}", $Pword
 Connect-AzureAD -Credential $Credential -ErrorAction Ignore
- $user = Get-AzureADUser | where-object {$_.DisplayName -eq "#{user_principal_name}"}
+ $user = Get-AzureADUser -Filter "DisplayName eq '#{user_principal_name}'"
 if ($user -eq $null) { Write-Warning "User not found"; exit }
- $role = Get-AzureADDirectoryRole | where-object {$_.DisplayName -eq "#{role_name}"}
+ $role = Get-AzureADDirectoryRole -Filter "DisplayName eq '#{role_name}'"
 if ($role -eq $null) { Write-Warning "Role not found"; exit }
 Remove-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -MemberId $user.ObjectId
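Review bot: The new `-Filter` strings in the `@@ -172` hunk splice the `#{user_principal_name}` and `#{role_name}` input arguments straight into an OData expression, so a value containing a single quote (a display name such as O'Brien) either breaks the query or changes what it matches, whereas the replaced `Where-Object ... -eq` compared the value verbatim. OData escapes a literal apostrophe by doubling it, so escape before interpolating: `$name = "#{user_principal_name}".Replace("'", "''")` followed by `$user = Get-AzureADUser -Filter "DisplayName eq '$name'"`, and the same for `#{role_name}`. The identical pattern appears in the `@@ -184`, `@@ -238`, `@@ -250` and `@@ -510` hunks. The enclosing `command:` block scalar begins and ends outside the hunk.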
@@ -238,9 +238,9 @@ atomic_tests:
 $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "#{username}", $Pword
 Connect-AzureAD -Credential $Credential
- $sp = Get-AzureADServicePrincipal | where-object {$_.DisplayName -eq "#{service_principal_name}"}
+ $sp = Get-AzureADServicePrincipal -Filter "DisplayName eq '#{service_principal_name}'"
 if ($sp -eq $null) { Write-Warning "Service Principal not found"; exit }
- $role = Get-AzureADDirectoryRole | where-object {$_.DisplayName -eq "#{role_name}"}
+ $role = Get-AzureADDirectoryRole -Filter "DisplayName eq '#{role_name}'"
 if ($role -eq $null) { Write-Warning "Role not found"; exit }
 Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $sp.ObjectId
 Write-Host "Service Principal $($sp.DisplayName) was added to $($role.DisplayName)"
@@ -250,9 +250,9 @@ atomic_tests:
 $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "#{username}", $Pword
 Connect-AzureAD -Credential $Credential -ErrorAction Ignore
- $sp = Get-AzureADServicePrincipal | where-object {$_.DisplayName -eq "#{service_principal_name}"}
+ $sp = Get-AzureADServicePrincipal -Filter "DisplayName eq '#{service_principal_name}'"
 if ($sp -eq $null) { Write-Warning "Service Principal not found"; exit }
- $role = Get-AzureADDirectoryRole | where-object {$_.DisplayName -eq "#{role_name}"}
+ $role = Get-AzureADDirectoryRole -Filter "DisplayName eq '#{role_name}'"
 if ($role -eq $null) { Write-Warning "Role not found"; exit }
 Remove-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -MemberId $sp.ObjectId
@@ -466,10 +466,10 @@ atomic_tests:
 $aadApplication = New-AzureADApplication -DisplayName "#{application_name}"
 $servicePrincipal = New-AzureADServicePrincipal -AppId $aadApplication.AppId
- #$aadApplication = Get-AzureADApplication | Where-Object {$_.DisplayName -eq "#{application_name}"}
+ #$aadApplication = Get-AzureADApplication -Filter "DisplayName eq '#{application_name}'"
 #Get Service Principal of Microsoft Graph Resource API
- $graphSP = Get-AzureADServicePrincipal -All $true | Where-Object {$_.DisplayName -eq "Microsoft Graph"}
+ $graphSP = Get-AzureADServicePrincipal -Filter "DisplayName eq 'Microsoft Graph'"
 #Initialize RequiredResourceAccess for Microsoft Graph Resource API
 $requiredGraphAccess = New-Object Microsoft.Open.AzureAD.Model.RequiredResourceAccess
@@ -500,7 +500,7 @@ atomic_tests:
 #Set permissions in existing Azure AD App
 Set-AzureADApplication -ObjectId $aadApplication.ObjectId -RequiredResourceAccess $requiredResourcesAccess
- $servicePrincipal = Get-AzureADServicePrincipal -All $true | Where-Object {$_.AppId -eq $aadApplication.AppId}
+ $servicePrincipal = Get-AzureADServicePrincipal -Filter "AppId eq '$aadApplication.AppId'"
 New-AzureADServiceAppRoleAssignment -ObjectId $servicePrincipal.ObjectId -PrincipalId $servicePrincipal.ObjectId -ResourceId $graphSP.ObjectId -Id $reqPermission.Id
@@ -510,7 +510,7 @@ atomic_tests:
 $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "#{username}", $Pword
 Connect-AzureAD -Credential $Credential
- $aadApplication = Get-AzureADApplication | Where-Object {$_.DisplayName -eq "#{application_name}"}
+ $aadApplication = Get-AzureADApplication -Filter "DisplayName eq '#{application_name}'"
 Remove-AzureADApplication -ObjectId $aadApplication.ObjectId
 name: powershell
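Review bot: In the `@@ -500` hunk the new filter `"AppId eq '$aadApplication.AppId'"` does not interpolate the property: inside a double-quoted PowerShell string only `$aadApplication` is expanded and `.AppId` stays literal, so the filter compares against the object's string form rather than the application id. The lookup will then return nothing (or fail on a malformed filter) and the following `New-AzureADServiceAppRoleAssignment` dereferences `$servicePrincipal.ObjectId` on `$null`, which the removed `Where-Object {$_.AppId -eq $aadApplication.AppId}` did not risk. Use the subexpression form: `$servicePrincipal = Get-AzureADServicePrincipal -Filter "AppId eq '$($aadApplication.AppId)'"`. The enclosing `command:` block scalar begins and ends outside the hunk.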