Skip to content

Instantly share code, notes, and snippets.

View njmulsqb's full-sized avatar
💻
Contributing to FOSS

Najam Ul Saqib njmulsqb

💻
Contributing to FOSS
51 followers · 48 following
View GitHub Profile
@njmulsqb
njmulsqb / AppRegRoleFinder.ps1
Last active June 5, 2025 06:44 — forked from kfosaaen/AppRegRoleFinder.ps1
PowerShell 3-liner to find roles attached to your current user
# Get token in system.security.securestring format and decode it
$securestring = (Get-AzAccessToken).token
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureString)
$plaintext = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
$token = $plaintext.Split(".")[1].Replace('-', '+').Replace('_', '/')
while ($token.Length % 4) {$token += "="}
# Decode the token, and match the ObjectIds returned by Get-AzRoleAssignment with oid section of JWT. You can also manually decode the JWT and pass oid to Get-AzRoleAssignment -ObjectId $oid
Get-AzRoleAssignment | where ObjectId -EQ ([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($token)) | ConvertFrom-Json).oid
@njmulsqb
njmulsqb / RGE-KQL-DoC.md
Last active July 2, 2024 07:45
Defender for Cloud KQL

Azure Defender for Cloud KQL Queries

These are the queries that I wrote and found useful to extract data using Azure Resource Graph Explorer

Security Alerts

Fetch all the active suspicious authentication activities

SecurityResources
| where type == "microsoft.security/locations/alerts" and properties.AlertDisplayName=="Suspicious authentication activity" and properties.Status=="Active"

Fetch all the active suspicious authentication activities (Only Start Time and Hostname)

@njmulsqb
njmulsqb / sourcemapWrapper.py
Created June 12, 2022 15:46
This is the wrapper I made around SourceMapper tool to fetch sourcemaps on large scale. Blog post: https://njmulsqb.github.io/2022/05/31/Hunting-Sourcemaps-On-Steroids.html
import sys
import subprocess
import os
parentDir = 'sourceMapsToJS'
sourceMapURL = sys.argv[1]
dirName = sourceMapURL.strip(
'https://').strip('http://').strip('www.').replace('/', '-').replace('.', '-')
if not os.path.exists(parentDir):
os.mkdir(parentDir)
@njmulsqb
njmulsqb / awesome-security-projects.md
Last active April 14, 2025 21:00
Awesome Security Projects

Awesome-Security-Repos

Here's a list of github repos and tools that I believe are awesome and should be promoted and used.

Source Code Analysis

  1. Semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
  2. RegexPassive - Collection of regexp pattern for security passive scanning
  3. Secure Codebox - secureCodeBox (SCB) - continuous secure delivery out of the box

Wordlist and Payloads