Defender XDR - Custom Detection Rules PowerShell Module
A simple PowerShell module for managing custom detection rules via the Graph API, with SPN support
Read more →
security automation blog
newest posts
Tool Release: rustymisp2sentinel
From idea to execution, the story of how I'm still trying to learn rust.
Read more →
Make some noise - a note on detections
Most detection engineers already know this, but based on experience many companies will fail to consider noise in their detection strategy.
Read more →
Testing the SinkVPN-concept to silence EDRs
Can we silence Defender for Endpoint using a rogue VPN-server?
Read more →
Tools and repositories
DarkLighthouse
Simple tool to detect Azure Lighthouse delegations and automate persistence setup.
PowerShell
5
pwshmisp
Module for interacting with a MISP server using PowerShell.
PowerShell
pwshuploadindicatorsapi
PowerShell module for sending indicators of compromise to the Upload Indicators API (Microsoft Sentinel).
PowerShell
misp2sentinelone
Proof of concept PowerShell functions for sending TI from MISP to SentinelOne.
PowerShell
7
MicrosoftSentinel-Scripts
Repository for publishing scripts related to Microsoft Sentinel.
PowerShell
3
MicrosoftSentinel-Templates
Collection of ARM and other templates for Microsoft Sentinel.
JSON
InstagramUnliker
vibe coded nonsense that allows you to unlike instagram posts in firefox.
JSON
MermaidGen
An attempt at creating mermaid diagrams for markdown as code.
JSON
1
misp2sentinelone
Proof of concept PowerShell-functions for sending TI from MISP to SentinelOne.
JSON
7
rustymisp2sentinel
Rust tool for sending threat intelligence from MISP to Microsoft Sentinel.
Rust