Sentinel Blue

Warrenton, VA

Pinned Repositories

atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Language:C00
Azure-Sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
Language:Jupyter Notebook2 0 00
bicep
Bicep is a declarative language for describing and deploying Azure resources
Language:Bicep0 0 00
CVE-2022-29072
** DISPUTED ** 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process, NOTE: multiple third parties have reported that no privilege escalation can occur.
Language:PowerShell8 2 00
CVE-2022-30190
Microsoft Sentinel analytic rule and hunting queries in ASIM for activity of MSDT and CVE-2022-30190.
5 3 01
DeepBlueCLI
Language:PowerShell0 0 00
EntraExporter
PowerShell module to export a local copy of an Entra (Azure AD) tenant configuration.
Language:PowerShell10
malware-samples
A collection of malware samples and relevant dissection information, most probably referenced from http://blog.inquest.net
Language:ActionScript0 0 00
PSScriptAnalyzer
Download ScriptAnalyzer from PowerShellGallery
Language:C#10
ScubaGear
(Azure Gov and GCC High Supported). Automation to assess the state of your M365 tenant against CISA's baselines.
Language:Open Policy Agent1 0 00

Sentinel Blue's Repositories

sentinelblue/CVE-2022-29072
** DISPUTED ** 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process, NOTE: multiple third parties have reported that no privilege escalation can occur.
Language:PowerShell8 2 00
sentinelblue/CVE-2022-30190
Microsoft Sentinel analytic rule and hunting queries in ASIM for activity of MSDT and CVE-2022-30190.
5 3 01
sentinelblue/Azure-Sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
Language:Jupyter Notebook2 0 00
sentinelblue/EntraExporter
PowerShell module to export a local copy of an Entra (Azure AD) tenant configuration.
Language:PowerShell10
sentinelblue/PSScriptAnalyzer
Download ScriptAnalyzer from PowerShellGallery
Language:C#10
sentinelblue/ScubaGear
(Azure Gov and GCC High Supported). Automation to assess the state of your M365 tenant against CISA's baselines.
Language:Open Policy Agent1 0 00
sentinelblue/atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Language:C00
sentinelblue/bicep
Bicep is a declarative language for describing and deploying Azure resources
Language:Bicep0 0 00
sentinelblue/BloodHound
Six Degrees of Domain Admin
Language:PowerShell0 0 00
sentinelblue/CRTgov
Language:PowerShell0 2 00
sentinelblue/DeepBlueCLI
Language:PowerShell0 0 00
sentinelblue/malware-samples
A collection of malware samples and relevant dissection information, most probably referenced from http://blog.inquest.net
Language:ActionScript0 0 00
sentinelblue/rita
Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
Language:Go0 0 00
sentinelblue/HaloAPI
PowerShell module for the Halo Service Solutions series of software products.
Language:PowerShell0 0
sentinelblue/HELK
The Hunting ELK
Language:Jupyter Notebook0 0
sentinelblue/microsoft-info
Repository hosting a list of Microsoft First party apps
Language:PowerShell
sentinelblue/Microsoft-Sentinel-SB-ASIM
Microsoft Sentinel Advanced Security Information Model (ASIM) schemas and parsers maintained by the Sentinel Blue SOC team.
sentinelblue/microsoft-teams-emergency-operations-center
The Microsoft Teams Emergency Operations Center (TEOC) solution template leverages the power of the Microsoft 365 platform to centralize incident response, information sharing and field communications using powerful services like Microsoft Lists, SharePoint and more.
sentinelblue/msticpy
Microsoft Threat Intelligence Security Tools
Language:Python0 0
sentinelblue/OSSEM
Open Source Security Events Metadata (OSSEM)
Language:Python0 0
sentinelblue/paths-filter
Conditionally run actions based on files modified by PR, feature branch or pushed commits
Language:TypeScript0 0
sentinelblue/sentinel-attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Language:HCL0 0
sentinelblue/Winget-AutoUpdate
WAU daily updates apps as system and notify connected users. (Allowlist and Blocklist support)
sentinelblue/winget-cli-restsource
This project aims to provide a reference implementation for creating a REST based package source for the winget client.

Sentinel Blue

Pinned Repositories

atomic-red-team

Azure-Sentinel

bicep

CVE-2022-29072

CVE-2022-30190

DeepBlueCLI

EntraExporter

malware-samples

PSScriptAnalyzer

ScubaGear

Sentinel Blue's Repositories

sentinelblue/CVE-2022-29072

sentinelblue/CVE-2022-30190

sentinelblue/Azure-Sentinel

sentinelblue/EntraExporter

sentinelblue/PSScriptAnalyzer

sentinelblue/ScubaGear

sentinelblue/atomic-red-team

sentinelblue/bicep

sentinelblue/BloodHound

sentinelblue/CRTgov

sentinelblue/DeepBlueCLI

sentinelblue/malware-samples

sentinelblue/rita

sentinelblue/HaloAPI

sentinelblue/HELK

sentinelblue/microsoft-info

sentinelblue/Microsoft-Sentinel-SB-ASIM

sentinelblue/microsoft-teams-emergency-operations-center

sentinelblue/msticpy

sentinelblue/OSSEM

sentinelblue/paths-filter

sentinelblue/sentinel-attack

sentinelblue/Winget-AutoUpdate

sentinelblue/winget-cli-restsource