Daniel dstreefkerk

## sigma_converter.py
"""
Sigma to Microsoft Sentinel KQL Converter
-----------------------------------------

This script converts Sigma detection rules to Microsoft Sentinel KQL (Kusto Query Language) format
using the SOC Prime translation service.

SOC Prime, Inc (https://socprime.com) provides the translation API (uncoder.io) that powers this converter.
This script is a client for that service and is not affiliated with or endorsed by SOC Prime, Inc.

## azure-mgmt-securityinsight-api-reference.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                dstreefkerk
                / azure-mgmt-securityinsight-api-reference.md
            
            
              Last active
              April 14, 2025 23:22
            
              
                LLM-generated documentation for the Azure Management SecurityInsight SDK for Python
              
          
    Azure Management SecurityInsight SDK for Python

Table of Contents


Overview
Installation
Authentication
Client Class
Operation Groups
Alert Rules Management


## gas_stove_vulnerability.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                dstreefkerk
                / gas_stove_vulnerability.md
            
            
              Created
              April 12, 2025 02:02
            
          
    MCP Safety Audit: Gas Stoves with Manual Cooking Protocol Allow Major Burn Vulnerabilities
Executive Summary

Gas stoves, which operate under the legacy Manual Cooking Protocol (MCP), have been found to allow users to willingly place their hands on active burners, resulting in severe thermal compromise. Despite long-standing warnings, manufacturers continue to ship these devices with unrestricted flame access and no built-in user safety interlocks.
Key Findings

No Authentication for Ignition: Any user, regardless of clearance or training, can initiate flame generation with a simple knob twist.
Direct Contact Vulnerability: Users can directly touch the burner while it's active. No safeguards prevent this. Zero.
Lack of User Behaviour Sandboxing: The system permits reckless multi-tasking, such as reaching over multiple lit burners to grab a spice jar.
No Real-Time Alerting: Burn events are not logged, monitored, or alerted. Incident response relies on screaming.


## opinsights-all.kql
// This query retrieves all Microsoft Sentinel-enabled Log Analytics workspaces the user has access to.
// It checks for Sentinel by looking for the 'SecurityInsights' solution in 'Microsoft.OperationsManagement/solutions'.
// The join is done using the full resource ID of the workspace.

resources
| where type == "microsoft.operationalinsights/workspaces"
| extend workspaceId = tostring(properties.customerId), workspaceName = name, workspaceResourceId = tolower(id)
| join kind=leftouter (
    resources
    | where type == "microsoft.operationsmanagement/solutions"

## oob_update.json
{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "NamePrefix": {
            "defaultValue": "",
            "type": "String",
            "metadata": {
                "description": "Optional prefix to prepend to all resource names for easy identification."
            }

## RickLog.ps1
# PowerShell script in response to this:
# https://github.com/hattonsec/hattonsec.github.io/commit/1d78938bf324fac1a68d89f83e8d6dcd785ac8bd#diff-0eb547304658805aad788d320f10bf1f292797b5e6d745a3bf617584da017051R838

$BaseUrl = "https://log[.]linpeas[.]sh" # defanged. Don't actually do this, I just generated this script for the lolz

# Need the lyrics in a text file somewhere
$rick = Get-Content C:\temp\rick.txt | Where-Object {-not [string]::IsNullOrWhiteSpace($_)}

foreach ($roll in $rick) {
    $uuid = [guid]::NewGuid().guid -replace '-',''

## profile.ps1
<#
.SYNOPSIS
Retrieves file names from the current folder and copies them to the clipboard.

Drop this function and the alias definition into your PowerShell profile file to make it available in every PowerShell session.

.EXAMPLE
Get-FileNamesFromCurrentFolder -Recurse
Recursively gets all file names from the current folder and subfolders, copying them to the clipboard.

## gist:ffb233ce57585818f3887b63b6310188
# First, connect to Microsoft Graph
Connect-MgGraph -Scopes "Policy.Read.All", "Directory.Read.All"

# Retrieve all Conditional Access policies
$policies = Get-MgIdentityConditionalAccessPolicy

# Iterate through each policy
foreach ($policy in $policies) {
    [pscustomobject]@{
        ID = $policy.Id

## Export-CrowdGroupData.ps1
<#
.SYNOPSIS
Retrieves and exports group data from Atlassian Crowd via REST API.

.DESCRIPTION
The Get-CrowdData function is designed to interact with the Atlassian Crowd REST API to retrieve group and group membership data from a specified Crowd Directory.

It requires the Crowd Base URL and Directory ID as inputs. Optionally, you can specify an output path to save the exported data; if not specified, it defaults to the user's profile directory.

Based on API documentation from here: https://docs.atlassian.com/atlassian-crowd/5.2.1/REST/

## invite-entra-guests-msgraph.ps1
# Connect to Microsoft Graph
Connect-MgGraph -Scopes "User.Invite.All"

# Microsoft Graph API endpoint for invitations
$graphApiUrl = "https://graph.microsoft.com/v1.0/invitations"

# Create the invitation object
$invitation = @{
    invitedUserDisplayName = "Daniel Streefkerk"
    invitedUserEmailAddress = "daniel@example.com"
	"""
	Sigma to Microsoft Sentinel KQL Converter
	-----------------------------------------

	This script converts Sigma detection rules to Microsoft Sentinel KQL (Kusto Query Language) format
	using the SOC Prime translation service.

	SOC Prime, Inc (https://socprime.com) provides the translation API (uncoder.io) that powers this converter.
	This script is a client for that service and is not affiliated with or endorsed by SOC Prime, Inc.
	// This query retrieves all Microsoft Sentinel-enabled Log Analytics workspaces the user has access to.
	// It checks for Sentinel by looking for the 'SecurityInsights' solution in 'Microsoft.OperationsManagement/solutions'.
	// The join is done using the full resource ID of the workspace.

	resources
	\| where type == "microsoft.operationalinsights/workspaces"
	\| extend workspaceId = tostring(properties.customerId), workspaceName = name, workspaceResourceId = tolower(id)
	\| join kind=leftouter (
	resources
	\| where type == "microsoft.operationsmanagement/solutions"
	{
	"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
	"contentVersion": "1.0.0.0",
	"parameters": {
	"NamePrefix": {
	"defaultValue": "",
	"type": "String",
	"metadata": {
	"description": "Optional prefix to prepend to all resource names for easy identification."
	}
	# PowerShell script in response to this:
	# https://github.com/hattonsec/hattonsec.github.io/commit/1d78938bf324fac1a68d89f83e8d6dcd785ac8bd#diff-0eb547304658805aad788d320f10bf1f292797b5e6d745a3bf617584da017051R838

	$BaseUrl = "https://log[.]linpeas[.]sh" # defanged. Don't actually do this, I just generated this script for the lolz

	# Need the lyrics in a text file somewhere
	$rick = Get-Content C:\temp\rick.txt \| Where-Object {-not [string]::IsNullOrWhiteSpace($_)}

	foreach ($roll in $rick) {
	$uuid = [guid]::NewGuid().guid -replace '-',''
	<#
	.SYNOPSIS
	Retrieves file names from the current folder and copies them to the clipboard.

	Drop this function and the alias definition into your PowerShell profile file to make it available in every PowerShell session.

	.EXAMPLE
	Get-FileNamesFromCurrentFolder -Recurse
	Recursively gets all file names from the current folder and subfolders, copying them to the clipboard.
	# First, connect to Microsoft Graph
	Connect-MgGraph -Scopes "Policy.Read.All", "Directory.Read.All"

	# Retrieve all Conditional Access policies
	$policies = Get-MgIdentityConditionalAccessPolicy

	# Iterate through each policy
	foreach ($policy in $policies) {
	[pscustomobject]@{
	ID = $policy.Id
	<#
	.SYNOPSIS
	Retrieves and exports group data from Atlassian Crowd via REST API.

	.DESCRIPTION
	The Get-CrowdData function is designed to interact with the Atlassian Crowd REST API to retrieve group and group membership data from a specified Crowd Directory.

	It requires the Crowd Base URL and Directory ID as inputs. Optionally, you can specify an output path to save the exported data; if not specified, it defaults to the user's profile directory.

	Based on API documentation from here: https://docs.atlassian.com/atlassian-crowd/5.2.1/REST/
	# Connect to Microsoft Graph
	Connect-MgGraph -Scopes "User.Invite.All"

	# Microsoft Graph API endpoint for invitations
	$graphApiUrl = "https://graph.microsoft.com/v1.0/invitations"

	# Create the invitation object
	$invitation = @{
	invitedUserDisplayName = "Daniel Streefkerk"
	invitedUserEmailAddress = "daniel@example.com"