Daniel dstreefkerk
@dstreefkerk
dstreefkerk / 40-fortianalyzer-filtered-cef.conf
Last active May 23, 2025 06:18
rsyslog conf.d file to handle FortiAnalyzer's malformed CEF format and ingest to Sentinel via AMA
#####################################################################
# FortiAnalyzer CEF Integration with Severity-Based Noise Reduction
#####################################################################
#
# PURPOSE:
# --------
# This configuration solves two critical problems with FortiAnalyzer
# CEF log forwarding to Microsoft Sentinel:
#
# 1. PROTOCOL COMPLIANCE: FortiAnalyzer sends raw CEF messages without
dstreefkerk / wp_to_jekyll.py
Last active May 20, 2025 10:15
Quick and dirty script to migrate wordpress.com XML exported posts to Jekyll markdown, and update/check them using Claude Code.
#!/usr/bin/env python3
"""
WordPress to Jekyll Migration Script using Claude Code CLI
This script:
1. Takes a WordPress export XML file path as input
2. Lists all matching posts based on runtime parameters
3. Allows the user to select which posts to migrate
4. Extracts posts from the WordPress export
5. Uses Claude CLI to convert each post to Jekyll format (or simulates conversion with --dry-run)
dstreefkerk / ai_user_expertise_summary.md
Created April 29, 2025 23:00
Summarise an AI conversation to infer and summarise the user's apparent expertise, professional background, and relevant technical knowledge.

Task

Based on this conversation, infer and summarise the user's apparent expertise, professional background, and relevant technical knowledge.

Support your inferences by citing specific examples from the conversation, such as:

  • technical terminology used accurately,
  • problem-solving approaches demonstrated, or
  • domain-specific insights provided.

Ensure your summary is objective, evidence-based, and concise.

dstreefkerk / sigma_converter.py
Created April 16, 2025 10:30
POC code only. Do not use.
"""
Sigma to Microsoft Sentinel KQL Converter
-----------------------------------------
This script converts Sigma detection rules to Microsoft Sentinel KQL (Kusto Query Language) format
using the SOC Prime translation service.
SOC Prime, Inc (https://socprime.com) provides the translation API (uncoder.io) that powers this converter.
This script is a client for that service and is not affiliated with or endorsed by SOC Prime, Inc.
dstreefkerk / azure-mgmt-securityinsight-api-reference.md
Last active April 14, 2025 23:22
LLM-generated documentation for the Azure Management SecurityInsight SDK for Python

MCP Safety Audit: Gas Stoves with Manual Cooking Protocol Allow Major Burn Vulnerabilities

Executive Summary
Gas stoves, which operate under the legacy Manual Cooking Protocol (MCP), have been found to allow users to willingly place their hands on active burners, resulting in severe thermal compromise. Despite long-standing warnings, manufacturers continue to ship these devices with unrestricted flame access and no built-in user safety interlocks.

Key Findings

  • No Authentication for Ignition: Any user, regardless of clearance or training, can initiate flame generation with a simple knob twist.
  • Direct Contact Vulnerability: Users can directly touch the burner while it's active. No safeguards prevent this. Zero.
  • Lack of User Behaviour Sandboxing: The system permits reckless multi-tasking, such as reaching over multiple lit burners to grab a spice jar.
  • No Real-Time Alerting: Burn events are not logged, monitored, or alerted. Incident response relies on screaming.
dstreefkerk / opinsights-all.kql
Last active February 12, 2025 04:44
Azure Resource Graph Query - Retrieve details of all accessible Sentinel-enabled Operational Insights Workspaces
// This query retrieves all Microsoft Sentinel-enabled Log Analytics workspaces the user has access to.
// It checks for Sentinel by looking for the 'SecurityInsights' solution in 'Microsoft.OperationsManagement/solutions'.
// The join is done using the full resource ID of the workspace.
resources
| where type == "microsoft.operationalinsights/workspaces"
| extend workspaceId = tostring(properties.customerId), workspaceName = name, workspaceResourceId = tolower(id)
| join kind=leftouter (
    resources
    | where type == "microsoft.operationsmanagement/solutions"
dstreefkerk / oob_update.json
Last active January 9, 2025 23:29 — forked from bisskar/oob_update.json
This ARM template deploys an Azure Logic App workflow designed to notify users about updates to Microsoft Sentinel analytic rules.
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "NamePrefix": {
      "defaultValue": "",
      "type": "String",
      "metadata": {
        "description": "Optional prefix to prepend to all resource names for easy identification."
      }
# PowerShell script in response to this:
# https://github.com/hattonsec/hattonsec.github.io/commit/1d78938bf324fac1a68d89f83e8d6dcd785ac8bd#diff-0eb547304658805aad788d320f10bf1f292797b5e6d745a3bf617584da017051R838
$BaseUrl = "https://log[.]linpeas[.]sh" # defanged. Don't actually do this, I just generated this script for the lolz
# Need the lyrics in a text file somewhere
$rick = Get-Content C:\temp\rick.txt | Where-Object {-not [string]::IsNullOrWhiteSpace($_)}
foreach ($roll in $rick) {
    $uuid = [guid]::NewGuid().Guid -replace '-',''
dstreefkerk / profile.ps1
Last active October 15, 2024 23:19
PowerShell profile function and alias to copy the current folder's filenames to clipboard
<#
.SYNOPSIS
Retrieves file names from the current folder and copies them to the clipboard.
Drop this function and the alias definition into your PowerShell profile file to make it available in every PowerShell session.
.EXAMPLE
Get-FileNamesFromCurrentFolder -Recurse
Recursively gets all file names from the current folder and subfolders, copying them to the clipboard.