Stars
PowerShell tools to help defenders hunt smarter, hunt harder.
This repository contains a wide array of KQL queries ready for you to easily copy, paste, and execute within Intune.
A website tracking the table schema of Microsoft XDR tables
Office 365 Reporting PowerShell Scripts
This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.
A repository of sysmon configuration modules
Azure Security Resources and Notes
Sample queries and data as part of the Microsoft Press book, The Definitive Guide to KQL
Live Feed of C2 servers, tools, and botnets
The Microsoft Sentinel Triage AssistanT (STAT) makes it easy to create incident triage automation in Microsoft Sentinel.
Sharing my KQL queries for Azure Sentinel
This repository contains an automatically updated list of all Private Internet Access servers
A curated list of GPT agents for cybersecurity
A curated list of resources for DFIR through Microsoft Defender for Endpoint, leveraging Kusto queries, PowerShell scripts, tools such as KAPE and THOR Cloud, and more.
M365 MDATP Live Response sample scripts
FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log ag…
Repository with supporting materials for Invictus Academy/Training
Expose a lot of MDE telemetry that is not easily accessible in any searchable form
A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
This repository contains the research and components of our research into using Sigma for AWS Incident Response.
KQL queries for Microsoft Defender and Microsoft Sentinel.
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel and Microsoft XDR (formerly Microsoft 365 Defender).
Microsoft Sentinel2Go is an open source project developed to expedite the deployment of a Microsoft Sentinel research lab.
Repository for threat hunting and detection queries, etc., for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).
ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the audit …