Rogier Dijkman azurekid

The Phantom Sterling Chronicles: How Toxic Role Combinations Turned Anonymous Access into Global Admin

A cybersecurity thriller based on real-world attack techniques


Chapter 1: The Digital Treasure Hunt - Initial Reconnaissance

Day 1 - 3:47 AM EST

@azurekid
azurekid / Invoke-StealthOperation.ps1
Created August 21, 2025 08:33
Invoke StealthOperation function
function Invoke-StealthOperation {
[CmdletBinding()]
param(
[Parameter(Mandatory = $false, ValueFromPipeline = $true)]
[object]$InputObject,
[Parameter(Mandatory = $false)]
[ValidateSet("Random", "Progressive", "BusinessHours", "Exponential")]
[string]$DelayType = "Random",
@azurekid
azurekid / Invoke-StealthOperation.md
Last active August 20, 2025 12:54
Invoke-StealthOperation

Building Invoke-StealthOperation: A Journey into Cultural Cybersecurity

Published: August 20, 2025 | By BlackCat Security Team


The Pattern Recognition Problem

While developing reconnaissance tools for the BlackCat module, I kept running into a fundamental issue: modern detection systems flag tools not only by what they do, but also by when they do it. The functions themselves worked perfectly, but their timing patterns might scream "automation" to behavioral analysis engines.

Prologue: Meet Elena "Phantom" Sterling

The converted warehouse apartment in Seattle's SoDo district doesn't look like much from the outside, but behind the reinforced steel door marked "3B," Elena Sterling has built a digital command center that would make most penetration testers jealous. Three curved monitors dominate the main wall. The desk surface disappears beneath notebooks filled with drawings and diagrams showing how innocent role assignments chain together into devastating attack paths.

Elena "Phantom" Sterling earned her reputation the hard way. Unlike the script kiddies and ransomware crews that grab headlines, her specialty lies in surgical precision operations that leave no trace while extracting maximum value. Former colleagues from her days at a major West Coast cybersecurity firm would be shocked to learn that their methodical, regulation-obsessed teammate had evolved into something else entirely—a digital predator who turns organizations' own security measures against them.

**Becoming

BlackCat v0.21.0 Release Summary

🚀 Major Release: Advanced Cache Analytics System

Release Date: July 9, 2025
Version: 0.21.0 (Minor Release)
Focus: Revolutionary cache analytics and sophisticated data insights

Why a Minor Release? This version introduces significant new features and capabilities, particularly the completely redesigned cache analytics system with enterprise-grade functionality. While maintaining full backward compatibility, the substantial feature additions and enhanced capabilities justify a minor version increment.

Foreword

How I Went from Fixing Copiers to Breaking Into Clouds

You know that moment when you realize your career has taken a completely unexpected turn? Mine came when I was sitting in a boardroom at a major insurance company, explaining to executives why their "secure" Azure environment could be compromised in about fifteen minutes. The silence was deafening.

My journey here wasn't linear. I started fixing copiers at Xerox and Ricoh—yeah, those massive machines that somehow always jammed during important presentations. From there, I bounced through Software Development, became a SharePoint Consultant (which prepared me for dealing with impossible problems), worked as an architect, and eventually found myself as a Cloud Security Architect and Security Researcher.

The thing is, every role taught me something different about how organizations really work versus how they think they work. When you're the guy fixing the printer, you see how people actually handle security badges and passwords. When you'r

@azurekid
azurekid / Get-WifiProfiles.ps1
Last active May 9, 2025 08:24
This function can be used to quickly retrieve all stored WiFi passwords on a Windows device
<#
.SYNOPSIS
Retrieves stored WiFi profiles and their associated passwords from the local computer.
.DESCRIPTION
This function uses netsh commands to extract all saved WiFi profiles and their details including passwords (if available), authentication methods, and connection modes. It processes profiles in parallel for improved performance.
.OUTPUTS
System.Object[]
Returns an array of custom objects containing the following properties:

let lookback = 1d;
let DeviceList =
DeviceInfo
| where
Timestamp >= ago(lookback)
// and MachineGroup contains "ATOS"
// and MachineGroup contains "AZURE"
// and MachineGroup contains "OGD"
and MachineGroup !contains "OGD"
| distinct DeviceName

let lookback = 7d;
let DeviceList =
DeviceInfo
| where MachineGroup contains "Azure"
| where Timestamp >= ago(lookback)
| distinct DeviceName
;
let ScanInformation =
DeviceEvents
| where

Automating GitHub Organization Membership Requests with GitHub Actions

Managing membership requests for a GitHub organization can be a time-consuming task, especially for larger organizations. In this article, we will walk through a solution that leverages GitHub Actions to automate the process of adding new members to a GitHub organization. By using an issue template and a GitHub Actions workflow, we can streamline the membership request process and reduce manual work.

Introduction

GitHub Actions is a powerful tool for automating various tasks within your repository, including CI/CD pipelines, issue management, and more. One of the less common but highly useful applications of GitHub Actions is automating the management of organization memberships. This can be particularly beneficial for organizations with a large number of members or frequent membership changes.

Why Automate Membership Requests?