Rogier Dijkman azurekid

@azurekid
azurekid / 1password.md
Last active May 28, 2024 15:52
1Password technical documentation

1Password - Microsoft Sentinel solution

Introduction

The 1Password Content Hub solution for Microsoft Sentinel is a community-developed project that enables organizations to ingest data from 1Password into their target SIEM/SOAR solution. Given that password managers inherently store highly sensitive information, monitoring and responding to any unexpected events is critically important.

By ingesting audit logs, sign-in events, and usage information into Microsoft Sentinel, this solution allows for the automation of incident responses, promptly notifying security analysts of potential issues.

@azurekid
azurekid / easyeasm.sh
Created April 2, 2024 14:33
easyEASM Setup
git clone https://github.com/projectdiscovery/alterx.git
git clone https://github.com/projectdiscovery/owasp-amass/oam-tools
cd alterx/cmd/alterx; \
go build; \
mv alterx /usr/local/bin/; \
alterx -version;
@azurekid
azurekid / Get-Guid.ps1
Last active October 12, 2023 17:25
PowerShell function to create a GUID from a string value
<#
.SYNOPSIS
Generates a GUID from a given string value using MD5 hashing.
.PARAMETER Value
The string value to generate a GUID from.
.EXAMPLE
Get-Guid -Value "example string"
Returns a GUID generated from the string "example string".
#>
function Get-Guid {
    param ([Parameter(Mandatory = $true)][string]$Value)
    # Body reconstructed from the synopsis above (the gist preview is truncated here):
    # the 16-byte MD5 digest of the UTF-8 encoded string is used directly as the GUID bytes.
    $hash = [System.Security.Cryptography.MD5]::Create().ComputeHash([Text.Encoding]::UTF8.GetBytes($Value))
    return [guid]::new($hash)
}
@azurekid
azurekid / AccessToken.yaml
Created June 20, 2023 06:54
DevOps Pipeline to get access token from system
jobs:
  - job: get_token
    displayName: Collecting AccessToken
    steps:
      - powershell: |
          # Basic auth value built from the job-scoped pipeline OAuth token (System.AccessToken)
          $accessToken = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("azdo:$(System.AccessToken)"))
          # auth headers (reuse the value computed above instead of encoding the token twice)
          $headers = @{ Authorization = 'Basic ' + $accessToken }
          # .Values is the hashtable property (.value matches nothing); this writes the Basic
          # credential to the job log, where the base64 form is not covered by secret masking
          write-output $($headers.Values)
@azurekid
azurekid / ASIM_snippets.md
Last active June 14, 2023 07:14
ASIM snippets

KQL Snippets

This file contains useful snippets that can be used for the development of ASIM Parsers for Microsoft Sentinel

DstHostname

| extend DstHostname = case(DstHostname != "", DstHostname, DestinationIP)
[CmdletBinding()]
param (
    [Parameter(Mandatory = $true)]
    [string]$GitBranch,
    [Parameter(Mandatory = $false)]
    [string]$CommitMessage = 'rebuild repository',
    [Parameter(Mandatory = $false)]
    [switch]$Force
)
function Invoke-SplitJWT {
    Param
    (
        [Parameter(Mandatory = $true,
            ValueFromPipeline = $true,
            Position = 0)]
        $String
    )
    Process {
        # Process body reconstructed from the function name (the gist preview is truncated here):
        # a compact-serialized JWT is three base64url segments separated by '.'.
        $parts = $String.Split('.')
        if ($parts.Count -ne 3) { throw "Expected 3 dot-separated segments, got $($parts.Count)" }
        [PSCustomObject]@{ Header = $parts[0]; Payload = $parts[1]; Signature = $parts[2] }
    }
}
@azurekid
azurekid / Get-GraphToken.ps1
Last active December 19, 2022 20:45
PowerShell function to create Graph Access Token
function Get-GraphToken {
    [cmdletbinding()]
    Param(
        [Parameter(Mandatory = $True)]
        [String[]]
        [ValidateSet("MSGraph", "Azure", "Monitor", "MSPIM")]
        $Client,
        [Parameter(Mandatory = $False)]
        [String]$Resource = "https://graph.microsoft.com"
    )
}
@azurekid
azurekid / kql-coding-standards.md
Last active November 22, 2022 13:29
KQL Coding Standards

KQL Coding standards

This document helps to create clean and readable KQL code for parsing and detection rules.
All views are my own, based on writing lots of code in PowerShell and other languages.
This is a living document that helps to create a common baseline.

Align your code

  • Place a space before and after the '=' character for readability.
  • Align the code using tabs instead of spaces. Keep the '=' character and default values aligned.
[CmdletBinding()]
param (
    [Parameter()]
    [switch]$IDPS,
    [Parameter()]
    [switch]$ThreatIntel,
    [Parameter()]
    [switch]$WebCategories
)