Truls 🐱‍👤
@truls.infernux.no
🔓 Microsoft MVP Security
👷‍♂️ Security Architect/Engineer

writer of mediocre code 💻

blog: https://infernux.no
github: https://github.com/lnfernux

#Microsoft #Security #MVP #CTF
Today's unfortunate discovery: Microsoft Sentinel summary rules are not supported by Azure Lighthouse.

You need Sentinel Contributor (on the workspace/RG) and Log Analytics Contributor directly on the workspace, which is not supported.

A tiny bit annoying.
October 8, 2025 at 7:14 AM
Looking forward to next week - I'm speaking at @wpninjas.no on one of my favorite topics, configuring Microsoft Sentinel (and making a couple of mistakes along the way).
June 6, 2025 at 6:14 PM
Finally got out of not writing anything - decided to spend a few hours to play with the custom detection rule API in Defender XDR.

www.infernux.no/DefenderXDR-...

Some funny things I noticed:

- GET works using Invoke-MgGraphRequest
- POST/PATCH throws internal error 500 no matter what

1/2
Defender XDR - Custom Detection Rules Push/Pull via API
A little primer to pushing and pulling new content via the graph beta API
www.infernux.no
June 2, 2025 at 8:15 AM
Reposted by Truls 🐱‍👤
🎉 Season 2 of #TalkingSecurity MVP Security Insights is LIVE! 🎙️🔥

We’re kicking off with a bang and who better to launch the new season than the brilliant @truls.infernux.no, Microsoft Security MVP and master of all things cloud security, SIEM, and EDR! 🚀

talkingsecurity.nl/podcast/secu...
April 24, 2025 at 3:40 PM
Working on a new #MISP - #Sentinel function app flow using PowerShell and had to update my pwshuploadindicatorsapi function at the same time - now v1.0.2. Added support for the new STIX Object API (new default) and the old upload indicators API.

www.powershellgallery.com/packages/pws...

#MVPBuzz
pwshuploadindicatorsapi 1.0.2
This module helps convert MISP events and attributes to the Upload Indicators API format, and then uploads the indicators to the API.
www.powershellgallery.com
March 8, 2025 at 10:43 AM
Just updated #pwshmisp to version 1.0.3.

Release notes:
- Fixed typo in Invoke-MISPAttributeSearch
- Added support for enforceWarninglist in filters
- Removed notTags and notOrgs (not supported)

www.powershellgallery.com/packages/pws...
pwshmisp 1.0.3
This module is a collection of functions to help with communication with the MISP API.
www.powershellgallery.com
March 3, 2025 at 8:38 AM
New blog post - writing a bit about using CTI not only as a data point but as information and context for information in our processes, such as detection engineering (as an example).
www.infernux.no/Expanding-on...

I think the learning points can be transferred to any discipline in security!
Expanding on Cyber Threat Intelligence for Security Monitoring
Three levels of detection engineering using Threat Intelligence as our guiding light
www.infernux.no
January 26, 2025 at 12:16 PM
Some thoughts on using Threat Intelligence for detection purposes.

www.infernux.no/TI-Detection/
On the use of Threat Intelligence in Detection
If applied correctly, Threat Intelligence can be a useful tool in your belt. Mostly, however, it might be barking up the wrong tree depending on your maturity level. Let's explore that!
www.infernux.no
January 12, 2025 at 8:38 AM
Following up my last module pwshmisp with another one, www.powershellgallery.com/packages/pws... - it's a function built to work with pwshmisp to convert data from MISP to the upload indicators API that is used for ingesting TI into MS Sentinel.

#MISP #MicrosoftSentinel #ThreatIntelligence
pwshuploadindicatorsapi 1.0.1
This module helps convert MISP events and attributes to the Upload Indicators API format, and then uploads the indicators to the API.
www.powershellgallery.com
December 27, 2024 at 10:27 AM
Just released a new tool, pwshmisp - a PowerShell module for communicating with a #MISP server.

Grab it on www.powershellgallery.com/packages/pws... and contribute over on GitHub if you find any issues github.com/lnfernux/pws...

I'm also in the process of publishing another module so stay tuned!
pwshmisp 1.0.2
This module is a collection of functions to help with communication with the MISP API.
www.powershellgallery.com
December 25, 2024 at 6:15 PM
A little feedback request. I've written mostly non-technical lately, tried to focus on how to do something rather than giving out scripts and templates.

Example being this article:
www.infernux.no/SecurityMoni...

My question: what do you like to read, when it comes to tech-related blogs?
Security Monitoring - Threat Modeling and Data Sources
One of the most misunderstood aspects of security monitoring is determining what data sources to use for what purpose. In this post, we will go through the process of determining what data sources to ...
www.infernux.no
November 25, 2024 at 11:24 AM
My initial thoughts after attending #MSIgnite this past week: a lot of cool stuff regarding AI. The implications are basically that AI will be more available (create your own agent using natural language), so securing our AI deployments will be more important than ever. 1/2
November 25, 2024 at 11:17 AM
hey it's me 🦥
a man in a suit and tie is talking to another man in a green light .
media.tenor.com
November 9, 2024 at 11:35 AM