Rogier Dijkman azurekid
Descriptor:
  Name: HaveIBeenPwned
  DisplayName: HaveIBeenPwned
  Description: This tool checks if an email address has been found in any of the data breaches in Have I Been Pwned (HIBP).
  SupportedAuthTypes:
    - ApiKey
  Authorization:
    Type: APIKey
    Key: hibp-api-key
    Location: Header
openapi: 3.0.0
info:
  title: HaveIBeenPwned
  version: 1.0.0
servers:
  - url: https://haveibeenpwned.com/api/v3
paths:
  /breachedaccount/{email}:
    get:
      operationId: HaveIBeenPwned
azurekid / 1pwd-codeless.json
Last active August 23, 2024 14:10
1pwd-codeless
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "location": {
      "defaultValue": "[resourceGroup().location]",
      "minLength": 1,
      "type": "String",
      "metadata": {
        "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace"
azurekid / 1password.md
Last active May 28, 2024 15:52
1Password technical documentation

1Password - Microsoft Sentinel solution

Introduction

The 1Password Content Hub solution for Microsoft Sentinel is a community-developed project that enables organizations to ingest data from 1Password into their target SIEM/SOAR solution. Given that password managers inherently store highly sensitive information, monitoring and responding to any unexpected events is critically important.

By ingesting audit logs, sign-in events, and usage information into Microsoft Sentinel, this solution allows for the automation of incident responses, promptly notifying security analysts of potential issues.

azurekid / easyeasm.sh
Created April 2, 2024 14:33
easyEASM Setup
git clone https://github.com/projectdiscovery/alterx.git
git clone https://github.com/owasp-amass/oam-tools.git
cd alterx/cmd/alterx; \
go build; \
mv alterx /usr/local/bin/; \
alterx -version;
azurekid / Get-Guid.ps1
Last active October 12, 2023 17:25
PowerShell function to create a GUID from a string value
<#
.SYNOPSIS
Generates a GUID from a given string value using MD5 hashing.
.PARAMETER Value
The string value to generate a GUID from.
.EXAMPLE
Get-Guid -Value "example string"
Returns a GUID generated from the string "example string".
azurekid / AccessToken.yaml
Created June 20, 2023 06:54
DevOps Pipeline to get access token from system
jobs:
  - job: get_token
    displayName: Collecting AccessToken
    steps:
      - powershell: |
          $accessToken = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("azdo:$(System.AccessToken)"))
          # auth headers
          $headers = @{Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("azdo:$(System.AccessToken)")) }
          write-output $($headers.value)
azurekid / ASIM_snippets.md
Last active June 14, 2023 07:14
ASIM snippets

KQL Snippets

This file contains useful snippets that can be used for the development of ASIM Parsers for Microsoft Sentinel

DstHostname

| extend DstHostname = case(DstHostname != "", DstHostname, DestinationIP)
[CmdletBinding()]
param (
    [Parameter(Mandatory = $true)]
    [string]$GitBranch,
    [Parameter(Mandatory = $false)]
    [string]$CommitMessage = 'rebuild repository',
    [Parameter(Mandatory = $false)]
    [switch]$Force

function Invoke-SplitJWT {
    Param
    (
        [Parameter(Mandatory = $true,
            ValueFromPipeline = $true,
            Position = 0)]
        $String
    )
    Process {