Make some noise - a note on detections
Most detection engineers already know this, but based on experience many companies will fail to consider noise in their detection strategy.
Read more →
security automation blog
newest posts
Testing the SinkVPN-concept to silence EDRs
Can we silence Defender for Endpoint using a rogue VPN-server?
Read more →
Tool Release: misp-filter-builder
A little weekend project to help build filters for MISP and misp2sentinel
Read more →
Could you build a simple C2-framework using World of Warcraft?
Yes. Sort of, at least. Join me to explore how we can potentially use WoW and it's ecosystem as a C2
Read more →
Tools and repositories
DarkLighthouse
Simple tool to detect Azure Lighthouse delegations and automate persistence setup.
PowerShell
5
pwshmisp
Module for interacting with a MISP server using PowerShell.
PowerShell
pwshuploadindicatorsapi
PowerShell module for sending indicators of compromise to the Upload Indicators API (Microsoft Sentinel).
PowerShell
misp2sentinelone
Proof of concept PowerShell functions for sending TI from MISP to SentinelOne.
PowerShell
7
MicrosoftSentinel-Scripts
Repository for publishing scripts related to Microsoft Sentinel.
PowerShell
3
MicrosoftSentinel-Templates
Collection of ARM and other templates for Microsoft Sentinel.
JSON
InstagramUnliker
vibe coded nonsense that allows you to unlike instagram posts in firefox.
JSON
MermaidGen
An attempt at creating mermaid diagrams for markdown as code.
JSON
1
misp2sentinelone
Proof of concept PowerShell-functions for sending TI from MISP to SentinelOne.
JSON
7