eshlomo1 / CloudSec
Welcome to the Cloud Security Toolkit repository, your all-in-one destination for cutting-edge cloud security resources! Whether you're diving into offensive strategies, mastering threat hunting, or bolstering your blue-team defenses, this repo has you covered.
☆15Updated last week
Related projects ⓘ
Alternatives and complementary repositories for CloudSec
- Azure AD Incident Response☆24Updated 3 years ago
- ☆40Updated last year
- Repository with supporting materials for Invictus Academy/Training☆36Updated last month
- ASR Configurator, Essentials and Atomic Testing☆36Updated 3 weeks ago
- Sentinel Logic Apps/Playbooks to automate enrichment, incident analysis and more.☆75Updated 3 months ago
- A collection of ARM-based detections for Azure/AzureAD based TTPs☆80Updated 11 months ago
- REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.☆31Updated 6 months ago
- PowerShell script to create reports of M365 User Multi-factor Authentication Registration Status and Highlight MFA Related Conditional Ac…☆12Updated 6 months ago
- ☆43Updated last month
- Presentations from Conferences☆26Updated 2 months ago
- Hunting Queries for Defender ATP☆73Updated this week
- ☆26Updated last year
- ADXFlowmaster helps SecOps teams Threat Hunt suspicious network traffic inside & outside of Azure.☆27Updated 3 weeks ago
- This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet☆10Updated last year
- KQL queries for cyber defense and for solving daily issues☆43Updated last month
- ☆40Updated 3 years ago
- Azure AD Identity Protection Cookie Spoofing☆31Updated last year
- ☆22Updated 2 years ago
- Defending IaaS with ATT&CK is a project to create a collection of ATT&CK techniques relevant to a Linux IaaS environment, as well as a me…☆13Updated 8 months ago
- Automation around Entra ID☆34Updated 4 months ago
- KQL Queries. Microsoft Defender, Microsoft Sentinel☆110Updated this week
- ☆53Updated 4 months ago
- Solution to deploy a Sentinel playground demo environment☆55Updated last year
- ☆30Updated last year
- Go module that allows you to authenticate to Azure with a well known client ID using interactive logon and grab the token☆24Updated last year
- The ultimate solution for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform.☆22Updated 3 months ago
- A WDAC configuration repository with the sole intention of enriching MDE☆27Updated last year
- A list of Entra ID (Azure AD) Audit event names and the corresponding Microsoft Graph Request Uri☆26Updated last month
- Slides of my public talks☆46Updated 11 months ago