Open-Source

OID-See
OID-See

OID-See is a security analysis tool for Microsoft Entra ID (Azure Active Directory) that maps OAuth application consent, permissions, service principal assignments, and trust signals into a queryable graph — giving defenders a BloodHound-style view of OAuth sprawl and impersonation risk.

What it …

January 5, 2026 Read
ISDF — Intune Stateful Device Fingerprinting
ISDF — Intune Stateful …

ISDF (Intune Stateful Device Fingerprinting) is an open-source project that closes a specific blindspot in Conditional Access: the fact that device-reported attributes can be locally manipulated.

The problem it solves

Conditional Access is only as strong as the signals it consumes. If a device can …

September 4, 2025 Read
KuShu — Attack & Defence Research
KuShu — Attack & Defence …

KuShuSec (Cloud Guardian in Japanese) is an umbrella for cloud security research, attack simulation tooling, and defence frameworks. The primary public artefact is KuShu-Atama — a growing library of attack and defence mind maps for cloud services.

KuShu-Atama

A repository of structured attack and …

April 14, 2025 Read
Az-Skywalker
Az-Skywalker

Az-Skywalker is a security research project and toolset that exposes control plane isolation flaws in Microsoft Azure — particularly in Key Vault, Logic Apps, and other iPaaS services.

Research included

VaultRecon

Demonstrates how Microsoft’s intended isolation between the Key Vault control …

February 26, 2025 Read
The Audrey Project
The Audrey Project

The Audrey Project is a curated collection of RSS/OPML feeds for technology and security professionals. Rather than chasing every source individually, Audrey gives you a structured, opinionated starting point for staying current.

What it includes

  • Curated OPML files organised by topic (cloud …

January 6, 2023 Read