DebugPrivilege / CPP
Related projects:
- Expose a lot of MDE telemetry that is not easily accessible in any searchable form
- Pushes Sysmon Configs
- Simple PowerShell script to enable process scanning with Yara.
- PowerShell script that aims to help uncover (eventual) persistence mechanisms deployed by a threat actor following an Active Directory …
- Powershell Event Tracing Toolbox
- MDE relies on some of the Audit settings to be enabled
- Presentations from Conferences
- This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet
- Repository that contains random short projects like write-ups, PowerShell scripts, and more.
- PS-TrustedDocuments: PowerShell script to handle information on trusted documents for Microsoft Office
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction
- ESXi Cyber Security Incident Response Script
- A script designed to test passwords against user accounts within an Active Directory environment, offering customizable Account Lockout T…
- Repository for different Windows DFIR-related CMDs, PowerShell cmdlets, etc., plus workshops that I did for different conferences or event…
- Azure AD Identity Protection Cookie Spoofing
- PowerHunt is a modular threat hunting framework written in PowerShell that leverages PowerShell Remoting for data collection at scale.
- General Content
- Community Tasks/Plans for PlumHound Queueing
- Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endp…
- Azure function to insert MISP data into Azure Sentinel