List of custom developed KQL queries to help proactive security teams hunt for opportunistic and sophisticated threat activity by developing custom TTP'S from red-teaming engagements & simulations with the strategic goal to prevent threats before they have the opportunity to execute
☆26Jun 30, 2021Updated 4 years ago
Alternatives and similar repositories for DefenderATP-Proactive-Threat-Hunting-Queries-KQL
Users that are interested in DefenderATP-Proactive-Threat-Hunting-Queries-KQL are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Hunting Queries for Microsoft Defender Security Center https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defe…☆40Apr 8, 2021Updated 5 years ago
- Semantic analysis with neural networks☆10Feb 18, 2021Updated 5 years ago
- Sample queries for Advanced hunting in Microsoft Defender ATP☆38Dec 19, 2021Updated 4 years ago
- Repository with Sample KQL Query examples for Threat Hunting☆218Sep 1, 2022Updated 3 years ago
- Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant.☆133Feb 10, 2026Updated 2 months ago
- Serverless GPU API endpoints on Runpod - Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- A simple many-rules to many-files YARA scanner for incident response or malware zoos.☆27Jun 3, 2018Updated 7 years ago
- Michael Melone's Kusto Query library☆20Nov 17, 2023Updated 2 years ago
- Cheat sheets for threat hunting, detection and other stuff.☆34Oct 7, 2022Updated 3 years ago
- Threat Hunter's Knowledge Base☆22Dec 27, 2021Updated 4 years ago
- A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 D…☆766Aug 28, 2025Updated 7 months ago
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).☆808Jan 14, 2026Updated 3 months ago
- This repo is where I store my Threat Hunting ideas/content☆89Mar 20, 2026Updated 3 weeks ago
- Sample queries for Advanced hunting in Windows Defender ATP☆11Apr 22, 2020Updated 5 years ago
- Source Code of MSIL Ransom☆14Feb 11, 2023Updated 3 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Collection of Jupyter Notebook for Threat Hunting and Blue Team Purposes☆22Jun 15, 2022Updated 3 years ago
- Automated Phishing Tool☆11May 27, 2020Updated 5 years ago
- Scan git repos for secrets using regex and entropy 🔑☆10Jun 18, 2020Updated 5 years ago
- A public repository of MITRE ATT&ACK TTP mappings by BushidoUK for OSINT reports that lack a section breaking down the TTPs.☆26Mar 20, 2025Updated last year
- CIS Benchmark for Server Hardening RHEL Ubuntu☆13Apr 6, 2018Updated 8 years ago
- a simple powershell wrapper to automate checking a user's access around the network☆13Dec 5, 2023Updated 2 years ago
- Create a Word document showing your Sentinel configuration☆14Nov 7, 2023Updated 2 years ago
- Python Script For Packet Sniffing☆11Aug 19, 2020Updated 5 years ago
- An opensource sigma conversion tool built using pysigma☆164Mar 24, 2026Updated 3 weeks ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Articles and labs relating to P2S Client VPN solutions on Microsoft Azure☆17Jun 9, 2023Updated 2 years ago
- Automating simple report creating of threat intelligence using ChatGPT and Greynoise API.☆10Oct 3, 2023Updated 2 years ago
- ☆72Oct 21, 2024Updated last year
- A Catalog of Application Whitelisting Bypass Techniques☆11Jul 14, 2017Updated 8 years ago
- Hardening audit scripts validating Workstations and Servers based on CIS benchmarks☆16Aug 19, 2025Updated 7 months ago
- A collection of pcaps☆16Jul 5, 2015Updated 10 years ago
- Python code for 1) permuting randomly-generated passwords for easier entry on mobile devices, and 2) for estimating entropy lost as a res…☆16May 5, 2016Updated 9 years ago
- Domain Response is a tool that is designed to help you automate the investigation for a domain. This tool is specificly designed to autom…☆50Jan 1, 2026Updated 3 months ago
- Proof of Concept - Using squid url rewrite feature to "hijack" proxy traffic and inject BeEF payload into it.☆13Feb 23, 2015Updated 11 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- A collection of shellcode hashes☆17Aug 15, 2018Updated 7 years ago
- Azure PowerShell Scripts for Compute, Virtual Machines, Networking, Storage, Disks and Resource Groups.☆17Sep 24, 2024Updated last year
- Powershell collection designed to assist in Threat Hunting Windows systems.☆27Apr 13, 2018Updated 8 years ago
- Collection of Utility scripts☆16Sep 11, 2019Updated 6 years ago
- Random tips and tricks RE: ransomware☆14Aug 17, 2021Updated 4 years ago
- gundog - guided hunting in Microsoft Defender☆52Apr 29, 2021Updated 4 years ago
- Add iOS & Android device and push notification support in your Rails application.☆12Mar 6, 2017Updated 9 years ago