List of custom developed KQL queries to help proactive security teams hunt for opportunistic and sophisticated threat activity by developing custom TTP'S from red-teaming engagements & simulations with the strategic goal to prevent threats before they have the opportunity to execute
☆26Jun 30, 2021Updated 4 years ago
Alternatives and similar repositories for DefenderATP-Proactive-Threat-Hunting-Queries-KQL
Users that are interested in DefenderATP-Proactive-Threat-Hunting-Queries-KQL are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Hunting Queries for Microsoft Defender Security Center https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defe…☆40Apr 8, 2021Updated 4 years ago
- Semantic analysis with neural networks☆10Feb 18, 2021Updated 5 years ago
- Sample queries for Advanced hunting in Microsoft Defender ATP☆38Dec 19, 2021Updated 4 years ago
- Repository with Sample KQL Query examples for Threat Hunting☆218Sep 1, 2022Updated 3 years ago
- Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant.☆133Feb 10, 2026Updated last month
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- A simple many-rules to many-files YARA scanner for incident response or malware zoos.☆27Jun 3, 2018Updated 7 years ago
- Michael Melone's Kusto Query library☆20Nov 17, 2023Updated 2 years ago
- Cheat sheets for threat hunting, detection and other stuff.☆34Oct 7, 2022Updated 3 years ago
- Threat Hunter's Knowledge Base☆22Dec 27, 2021Updated 4 years ago
- A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 D…☆762Aug 28, 2025Updated 6 months ago
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).☆806Jan 14, 2026Updated 2 months ago
- This repo is where I store my Threat Hunting ideas/content☆89Updated this week
- Sample queries for Advanced hunting in Windows Defender ATP☆11Apr 22, 2020Updated 5 years ago
- A small, unfinished utility to browse and download NirSoft programs.☆17Jun 14, 2020Updated 5 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- A curated list of blogs, videos, tutorials, queries and anything else valuable to help you learn and master KQL and Microsoft Sentinel☆240Feb 8, 2023Updated 3 years ago
- Source Code of MSIL Ransom☆14Feb 11, 2023Updated 3 years ago
- Collection of Jupyter Notebook for Threat Hunting and Blue Team Purposes☆22Jun 15, 2022Updated 3 years ago
- Automated Phishing Tool☆11May 27, 2020Updated 5 years ago
- Scan git repos for secrets using regex and entropy 🔑☆10Jun 18, 2020Updated 5 years ago
- A public repository of MITRE ATT&ACK TTP mappings by BushidoUK for OSINT reports that lack a section breaking down the TTPs.☆27Mar 20, 2025Updated last year
- Collection of configuration files that can be used as good starting points to secure different services and tools☆17Nov 11, 2025Updated 4 months ago
- a simple powershell wrapper to automate checking a user's access around the network☆13Dec 5, 2023Updated 2 years ago
- Create a Word document showing your Sentinel configuration☆14Nov 7, 2023Updated 2 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
- Python Script For Packet Sniffing☆11Aug 19, 2020Updated 5 years ago
- An opensource sigma conversion tool built using pysigma☆163Updated this week
- Articles and labs relating to P2S Client VPN solutions on Microsoft Azure☆17Jun 9, 2023Updated 2 years ago
- Automating simple report creating of threat intelligence using ChatGPT and Greynoise API.☆10Oct 3, 2023Updated 2 years ago
- ☆72Oct 21, 2024Updated last year
- A Catalog of Application Whitelisting Bypass Techniques☆11Jul 14, 2017Updated 8 years ago
- Hardening audit scripts validating Workstations and Servers based on CIS benchmarks☆16Aug 19, 2025Updated 7 months ago
- A collection of pcaps☆16Jul 5, 2015Updated 10 years ago
- Proof of Concept - Using squid url rewrite feature to "hijack" proxy traffic and inject BeEF payload into it.☆13Feb 23, 2015Updated 11 years ago
- End-to-end encrypted cloud storage - Proton Drive • AdSpecial offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
- A collection of shellcode hashes☆17Aug 15, 2018Updated 7 years ago
- Azure PowerShell Scripts for Compute, Virtual Machines, Networking, Storage, Disks and Resource Groups.☆16Sep 24, 2024Updated last year
- Random tips and tricks RE: ransomware☆14Aug 17, 2021Updated 4 years ago
- gundog - guided hunting in Microsoft Defender☆52Apr 29, 2021Updated 4 years ago
- Add iOS & Android device and push notification support in your Rails application.☆12Mar 6, 2017Updated 9 years ago
- Simulates a compromise in a cloud and container environment☆34Dec 18, 2024Updated last year
- Scanner for Regin Virtual Filesystems☆25Jan 20, 2015Updated 11 years ago