DylanInfosec🛡️
@attackthesoc.com
Dad ⚭ Husband
𒉭 Azure Security | IAM | DE&TH
https://attackthesoc.com/
🏋️‍♂️CultoftheIron, Learning 🛹

What stands in the way, becomes the way
ForEach-Object (+ -Parallel when possible)
February 20, 2025 at 7:11 PM
Grabs the list of emails from the 'email' column, and queries graph for the user Object Id and puts them in a separate file. *Note: even if you don't use this script, always preserve the original list sent to you.
February 19, 2025 at 9:52 PM
Full disclosure: Needs a lot of work. An over-reliance on filename and cmdline. Performance ugh.
Also asked GPT to clean it up and consolidate it as it was a mess

@wietzebeukema.nl ArgFuscator really comes to mind on this one
🤔Could look at the InitiatingProcess + the InitiatingAccount
February 14, 2025 at 10:29 PM
the simple query
January 28, 2025 at 3:19 PM
January 26, 2025 at 8:32 PM
no way
January 24, 2025 at 5:48 PM
Any and all feedback is welcome. Did sprint through quite a few things I was hoping to dive into but the presentation gods were not pleased with me on this day.

Here are the slides for MDE Deception Capabilities: github.com/AttacktheSOC...

KQLs: github.com/AttacktheSOC...
many more to trickle in
January 23, 2025 at 10:50 PM
Thank you, man! Been prepping for it
January 23, 2025 at 1:13 PM
Will do. Always seems to be the issue, have all these things I intend to say and they all try getting out at the same time causing me to freeze up. 🥤

I do get to cheat a little as it's an online talk so that alone calmed the nerves a bit.
January 23, 2025 at 2:23 AM