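# Privacy-aware data encryption pipeline
# Encrypts $Data with AES in the Aes.Create() default mode/padding (CBC, PKCS7) and returns
# Base64(IV || ciphertext). The key material is the UTF-8 bytes of $Key and must be exactly
# 16, 24 or 32 bytes (AES-128/192/256); any other length is rejected instead of being assigned
# as a string (which is what the previous ConvertFrom-SecureString -AsPlainText assignment did).
# NOTE(review): the output carries no authentication tag, so a successful decrypt is not proof
# that the ciphertext is untampered. Moving to AES-GCM closes that gap but changes the output
# format, so it is left for a deliberate format change rather than done here.
function Protect-SensitiveData {
    param(
        [Parameter(Mandatory)]
        [string]$Data,
        [Parameter(Mandatory)]
        [SecureString]$Key
    )
    # Extract the key via a BSTR so this runs on Windows PowerShell 5.1 as well as 7+
    # (-AsPlainText on ConvertFrom-SecureString exists only in 7+), and zero it afterwards.
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Key)
    try {
        $keyBytes = [Text.Encoding]::UTF8.GetBytes([Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr))
    } finally {
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
    if ($keyBytes.Length -notin 16, 24, 32) {
        throw [ArgumentException]::new("Key must be 16, 24 or 32 bytes of UTF-8; got $($keyBytes.Length).", 'Key')
    }
    $aes = [System.Security.Cryptography.Aes]::Create()
    try {
        $aes.Key = $keyBytes
        # Fresh random IV for every call; it is prepended to the output so the caller need not store it.
        $aes.GenerateIV()
        $encryptor = $aes.CreateEncryptor()
        try {
            $plain = [Text.Encoding]::UTF8.GetBytes($Data)
            $cipher = $encryptor.TransformFinalBlock($plain, 0, $plain.Length)
        } finally {
            $encryptor.Dispose()
        }
        # Build an explicit byte[]; "$iv + $cipher" in PowerShell yields object[].
        $iv = $aes.IV
        $output = [byte[]]::new($iv.Length + $cipher.Length)
        [Buffer]::BlockCopy($iv, 0, $output, 0, $iv.Length)
        [Buffer]::BlockCopy($cipher, 0, $output, $iv.Length, $cipher.Length)
        return [Convert]::ToBase64String($output)
    } finally {
        [Array]::Clear($keyBytes, 0, $keyBytes.Length)
        $aes.Dispose()
    }
}

# Secure credential storage using DPAPI
# Writes { Username, Password } as JSON to %LOCALAPPDATA%\SecureStore\<Name>.json. The password is
# the ConvertFrom-SecureString form: on Windows that is DPAPI-protected to the current user and
# machine; on non-Windows hosts ConvertFrom-SecureString without -Key gives no such protection.
# $Name is used as a file name, so it is validated to keep the file inside the store directory.
function Set-SecureCredential {
    param(
        [Parameter(Mandatory)]
        [ValidateNotNullOrEmpty()]
        [string]$Name,
        [Parameter(Mandatory)]
        [PSCredential]$Credential
    )
    # Reject separators, reserved characters and dot-names so a caller-supplied name cannot
    # resolve to a path outside SecureStore.
    if ($Name -eq '.' -or $Name -eq '..' -or $Name.IndexOfAny([IO.Path]::GetInvalidFileNameChars()) -ge 0) {
        throw [ArgumentException]::new('Name must be a plain file name without path separators.', 'Name')
    }
    if ([string]::IsNullOrEmpty($env:LOCALAPPDATA)) {
        # LOCALAPPDATA is set by Windows; presumably absent elsewhere, where the store has no home.
        throw [InvalidOperationException]::new('LOCALAPPDATA is not set; cannot locate the credential store.')
    }
    $path = Join-Path $env:LOCALAPPDATA 'SecureStore'
    if (-not (Test-Path -LiteralPath $path)) {
        # Discard the DirectoryInfo New-Item emits so it does not leak into the caller's pipeline.
        $null = New-Item -Path $path -ItemType Directory -Force
    }
    $export = [ordered]@{
        Username = $Credential.UserName
        Password = $Credential.Password | ConvertFrom-SecureString
    }
    $export | ConvertTo-Json | Set-Content -LiteralPath (Join-Path $path "$Name.json")
}

# Hash verification for data integrity
# Returns $true when the file's digest equals $ExpectedHash (hex, compared case-insensitively),
# $false on mismatch or when the file cannot be hashed (Get-FileHash reports the error itself).
# MD5 stays in the set for matching vendor-published checksums only; it offers no protection
# against a deliberately crafted collision.
function Test-DataIntegrity {
    param(
        [Parameter(Mandatory)]
        [string]$FilePath,
        [Parameter(Mandatory)]
        [string]$ExpectedHash,
        [ValidateSet('SHA256', 'SHA512', 'MD5')]
        [string]$Algorithm = 'SHA256'
    )
    $hash = Get-FileHash -LiteralPath $FilePath -Algorithm $Algorithm
    if (-not $hash) {
        # Fail closed: an unreadable or missing file never verifies.
        return $false
    }
    # PowerShell's -eq on strings is case-insensitive, so hex case does not matter.
    return $hash.Hash -eq $ExpectedHash
}

# Audit log writer with tamper detection
# Returns "<compact JSON entry>|<hex digest>". With -HmacKey the digest is HMAC-SHA256 over the
# JSON, which a party without the key cannot recompute after editing the entry. Without it the
# digest is a plain SHA-256, which only catches accidental corruption: anyone who can edit the
# entry can recompute the hash. The entry uses an ordered table so the serialised key order is
# stable across runs.
function Write-AuditLog {
    param(
        [string]$Action,
        [string]$Resource,
        [string]$User = $env:USERNAME,
        [byte[]]$HmacKey
    )
    $entry = [ordered]@{
        Timestamp = [DateTime]::UtcNow.ToString('o')
        Action    = $Action
        Resource  = $Resource
        User      = $User
        Machine   = $env:COMPUTERNAME
    }
    $json = $entry | ConvertTo-Json -Compress
    $hasher = if ($HmacKey -and $HmacKey.Length -gt 0) {
        [Security.Cryptography.HMACSHA256]::new($HmacKey)
    } else {
        [Security.Cryptography.SHA256]::Create()
    }
    try {
        $digest = $hasher.ComputeHash([Text.Encoding]::UTF8.GetBytes($json))
    } finally {
        $hasher.Dispose()
    }
    $hex = [BitConverter]::ToString($digest).Replace('-', '')
    return "$json|$hex"
}

# Certificate validation chain checker
# Builds the chain with online revocation checking for every certificate in it and returns the
# X509Chain.Build result. An unreachable CRL/OCSP responder yields a failed build (fail closed),
# not a pass. Each failing status is written as a warning. Fully qualified type names are used
# because [X509Chain] / [X509Certificate2] are not PowerShell type accelerators.
function Test-CertificateChain {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    try {
        $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
        $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
        $isValid = $chain.Build($Certificate)
        if (-not $isValid) {
            foreach ($status in $chain.ChainStatus) {
                Write-Warning $status.StatusInformation
            }
        }
        return $isValid
    } finally {
        $chain.Dispose()
    }
}

# Secure random token generator
# Returns Base64 of $Length bytes from the platform CSPRNG. RandomNumberGenerator.Create()
# replaces the obsolete RNGCryptoServiceProvider and works on every supported PowerShell host.
function New-SecureToken {
    param(
        [ValidateRange(1, [int]::MaxValue)]
        [int]$Length = 32
    )
    $bytes = [byte[]]::new($Length)
    $rng = [Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $rng.GetBytes($bytes)
    } finally {
        $rng.Dispose()
    }
    return [Convert]::ToBase64String($bytes)
}

# Data anonymization for GDPR compliance
# Returns a copy of $Record in which each listed field is replaced by "ANON_" + the first 16 hex
# characters of a SHA-256 digest of the field's string value; equal inputs map to equal tokens, so
# records stay joinable. Fields not present on $Record are skipped; a null value hashes as "".
# NOTE(review): an unkeyed digest of a low-entropy value (e-mail address, name) can be matched back
# to its input by hashing candidate values, so this is pseudonymisation rather than anonymisation.
# Pass -Key to use HMAC-SHA256 instead and keep the key out of the dataset; the tokens are then not
# reproducible without it.
function Invoke-DataAnonymization {
    param(
        [Parameter(Mandatory)]
        [PSObject]$Record,
        [string[]]$SensitiveFields,
        [byte[]]$Key
    )
    # PSObject.Copy() is shallow: top-level note properties are rewritten on the copy, while nested
    # objects are presumably still shared with $Record — confirm before relying on it for deep data.
    $result = $Record.PSObject.Copy()
    $hasher = if ($Key -and $Key.Length -gt 0) {
        [Security.Cryptography.HMACSHA256]::new($Key)
    } else {
        [Security.Cryptography.SHA256]::Create()
    }
    try {
        foreach ($field in $SensitiveFields) {
            if (-not $result.PSObject.Properties[$field]) {
                continue
            }
            # [string] coerces $null to "" and non-string values to their text form before hashing.
            $text = [string]$result.$field
            $digest = $hasher.ComputeHash([Text.Encoding]::UTF8.GetBytes($text))
            $token = [BitConverter]::ToString($digest).Replace('-', '').Substring(0, 16)
            $result.$field = "ANON_$token"
        }
    } finally {
        $hasher.Dispose()
    }
    return $result
}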

Lieben Consultancy is an independent consultancy based in the Netherlands, specializing in cloud solutions, automation, infrastructure as code, and Microsoft 365 security and compliance.