gr00T0x
Follow
Stars
Hide shellcode by shuffling bytes into a random array and reconstruct at runtime
real time face swap and one-click video deepfake with only a single image
Collection of Dashboards for Threat Hunting and more!
The Microsoft Sentinel Triage AssistanT (STAT) enables easy to create incident triage automation in Microsoft Sentinel
Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise
This TA takes Suricata5 data from your port mirrored Suricata server and makes it readable within Splunk. See Cheatsheets on how to setup a Suricata Port Mirrored Server
🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc
Tooling related to discovery of Cortex XDR canary files to avoid
PowerShell module to export a local copy of an Entra (Azure AD) tenant configuration.
Set of SIGMA rules (>320) mapped to MITRE ATT&CK tactic and techniques
Azure Function App for Synchronising Attack Simulation Training data to table storage
Sentinel Logic Apps/Playbooks to automate enrichment, incident analysis and more.
Rules I have researched for Sentinel in my spare time. If someone wants to offer me a job I am open. Anyone can use this. Please credit me if you can
A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID
A small crappy script I wrote that converts the Sigma Windows Process Creation events to KQL via PySigma. Designed for CI/CD
Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.
Kusto Query Language is a simple and productive language for querying Big Data.
Sentinel Threat Intelligence Upload Toolkit
This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.
Example code samples from our ScriptBlock Smuggling Blog post