Projects
Open-source projects I created or had the occasion to contribute to.
art[i | é]facts.help
Ever-evolving knowledge base of digital forensic artifacts.
artefacts.help
FarsightAD
FarsightAD is a PowerShell script that implements multiple cmdlets to
help detect and investigate Active Directory persistence following a forest or
domain compromise. It relies on a mix of reviewing the current domain state and
retrieving historical information / timestamps (notably from replication
metadata) whenever possible.
Areas of persistence covered: fully or partially hidden objects (detected using
replication data queried through the Directory Replication Service, DRS),
SIDHistory and primaryGroupID persistence, ACL / GPO / AD CS / Kerberos based
persistence, …
Qazeer/FarsightAD
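As an added illustration of the approach described above (this is example code written for this page, not FarsightAD's own cmdlets), the snippet below takes the two persistence mechanisms named in the entry, SIDHistory and primaryGroupID, and complements the current object state with per-attribute replication metadata: who originated the last change, when, and how many times the attribute has been written. It assumes the RSAT ActiveDirectory module and read access to a domain controller; the function name, the PDC-emulator default and the LDAP filter are this example's choices.

```powershell
# Added example, not FarsightAD's code: timestamp SIDHistory / primaryGroupID
# persistence candidates with replication metadata rather than current state only.
# Assumes the RSAT ActiveDirectory module and a reachable domain controller.
Import-Module ActiveDirectory

function Get-AccountPersistenceTimeline {
    [CmdletBinding()]
    param(
        # Domain controller answering the replication metadata queries.
        # Defaulting to the PDC emulator is an assumption of this example.
        [string]$Server = (Get-ADDomain).PDCEmulator,

        # Base of the search; defaults to the whole domain.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    # Candidates: any object with a populated sIDHistory, plus user accounts whose
    # primary group is not Domain Users (RID 513). Built-in Guest (RID 514) is expected.
    $ldapFilter = '(|(sIDHistory=*)(&(objectCategory=person)(!(primaryGroupID=513))))'

    Get-ADObject -LDAPFilter $ldapFilter -SearchBase $SearchBase -Server $Server `
        -Properties sAMAccountName, sIDHistory, primaryGroupID, whenCreated |
    ForEach-Object {
        $object = $_
        # One metadata entry per attribute: originating DC, originating time and
        # attribute version (1 = written once at creation, >1 = changed afterwards).
        Get-ADReplicationAttributeMetadata -Object $object.DistinguishedName -Server $Server `
            -Properties sIDHistory, primaryGroupID |
        Where-Object { $null -ne $_.AttributeValue } |
        ForEach-Object {
            [pscustomobject]@{
                SamAccountName       = $object.sAMAccountName
                WhenCreated          = $object.whenCreated
                Attribute            = $_.AttributeName
                CurrentValue         = ($object.($_.AttributeName) | Out-String).Trim()
                Version              = $_.Version
                LastChangeTime       = $_.LastOriginatingChangeTime
                OriginatingDC        = $_.LastOriginatingChangeDirectoryServerIdentity
                # primaryGroupID is set at creation, so a version above 1 means it was
                # modified later; sIDHistory is normally only written by migrations.
                ChangedAfterCreation = ($_.Version -gt 1)
            }
        }
    }
}

# Usage: list the most recent changes first and compare them with the suspected
# compromise window and with each account's creation time.
Get-AccountPersistenceTimeline |
    Sort-Object LastChangeTime -Descending |
    Format-Table SamAccountName, Attribute, CurrentValue, Version, LastChangeTime, OriginatingDC -AutoSize
```

A primaryGroupID entry with version 1 and a change time equal to whenCreated is the normal case; a later change time tells you when the group was swapped and which DC originated the write, which the current object state alone cannot show. Keep in mind that replication metadata only retains the last originating change per attribute, so an attacker who modifies an attribute several times leaves only the most recent timestamp.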
EDRSandblast
EDRSandblast is a tool written in C that weaponizes a vulnerable signed driver
to bypass EDR detections (kernel callbacks and the ETW Threat Intelligence
provider) and LSASS protections.
Multiple userland unhooking techniques are also implemented to evade userland
monitoring.
Developed with Maxime Meignan
wavestone-cdt/EDRSandblast
OffensivePythonPipeline
Static standalone binaries for Linux and Windows (x64) of Python offensive
tools.
Compiled using Docker for Windows, WSL2, and Make.
Qazeer/OffensivePythonPipeline
DFIR scripts
Various PowerShell or Python scripts to assist and automate tasks during
digital forensics investigations.
GitHub Gists
Other contributions
Occasional contributions to open-source security projects, such as Metasploit, Priv2Admin, KapeFiles, PingCastle, Velociraptor’s Artifact Exchange, Microsoft-Extractor-Suite, etc.