francoisfried/Defender-Advanced-Hunting-Queries external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

francoisfried/Defender-Advanced-Hunting-Queries

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/francoisfried/Defender-Advanced-Hunting-Queries)

Close

francoisfried / Defender-Advanced-Hunting-QueriesView on GitHubMore

• External links
• Readme badge

KQL queries for Microsoft Defender Advanced Hunting organized around the TTPs of the MITRE ATT&CK framework.

☆19Nov 7, 2024Updated last year

Alternatives and similar repositories for Defender-Advanced-Hunting-Queries

Users that are interested in Defender-Advanced-Hunting-Queries are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• Bill-Stewart / PrivMan

  View on GitHub
  ☆12Apr 4, 2024Updated last year
• chihebchebbi / Peerlyst-Articles-Collection

  View on GitHub
  ☆15Jan 8, 2020Updated 6 years ago
• ljvblfz / WindowsServer2003DDKFiles

  View on GitHub
  ☆11Sep 23, 2017Updated 8 years ago
• wjk / WindowsLogViewer

  View on GitHub
  ☆18Apr 18, 2023Updated 2 years ago
• mtth-bfft / lsobj

  View on GitHub
  Lists all visible objects in the Windows kernel object namespace, a command-line WinObj
  ☆15May 27, 2018Updated 7 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• orlys / Nautilus

  View on GitHub
  Programmable dynamic firewall API for Windows platform written in C#.
  ☆11Sep 2, 2022Updated 3 years ago
• mattifestation / MSFTTraceMessageFormat

  View on GitHub
  All TMF files that I extracted from Microsoft PDBs.
  ☆14Jun 29, 2019Updated 6 years ago
• gnarly-cl0s / AZ-500CheatSheet

  View on GitHub
  Security Engineer Prep for Azure
  ☆22Nov 18, 2020Updated 5 years ago
• sin5678 / zxarps

  View on GitHub
  arp spoof tool by lzx
  ☆18Jan 23, 2014Updated 12 years ago
• NyaMisty / idatil2c

  View on GitHub
  Convert IDA Type Library `*.til` to Compilable C Header!
  ☆20Mar 9, 2023Updated 3 years ago
• deanobalino / SentinelWorkshop

  View on GitHub
  Azure Sentinel Workshop
  ☆18Jun 5, 2021Updated 4 years ago
• dcaddick / gsd_public

  View on GitHub
  ☆49Feb 15, 2026Updated last month
• Vector35 / idb-rs

  View on GitHub
  IDB parser
  ☆26Nov 24, 2025Updated 4 months ago
• JeffMichelmore / M365D-API

  View on GitHub
  ☆20Sep 27, 2024Updated last year
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• kennethvs / cabaseline202503

  View on GitHub
  Conditional Access baseline for March 2025
  ☆12Mar 4, 2025Updated last year
• nccgroup / WindowsPatchDetector

  View on GitHub
  Experimental Windows .text section Patch Detector
  ☆22Jan 26, 2015Updated 11 years ago
• a7t0fwa7 / windows-ps-callbacks-experiments

  View on GitHub
  Files for http://deniable.org/windows/windows-callbacks
  ☆26Jul 9, 2020Updated 5 years ago
• artemy-ccrsky / DecryptRecoveryLAPS_RPC

  View on GitHub
  A way to maintain long-term access to Windows LAPS for lateral movement in AD via installing an Offensive LAPS RPC backdoor on a DC.
  ☆29Jun 9, 2025Updated 9 months ago
• SamLarenN / MIR-Engine

  View on GitHub
  MIR-Engine
  ☆23Jul 6, 2017Updated 8 years ago
• a7t0fwa7 / SymProcSleuth

  View on GitHub
  A pure C version of SymProcAddress
  ☆30Mar 17, 2024Updated 2 years ago
• brownbelt / WindowsResearchKernel-WRK

  View on GitHub
  Windows OS Internals Curriculum Resource Kit ACADEMIC
  ☆19Nov 4, 2017Updated 8 years ago
• 0xMegaByte / COM-Explained

  View on GitHub
  ☆26Sep 29, 2022Updated 3 years ago
• ljvblfz / WindowsKernelPhilosophy

  View on GitHub
  Windows内核设计思想
  ☆26Mar 23, 2017Updated 9 years ago
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• nccgroup / WindowsMemPageDelta

  View on GitHub
  A Microsoft Windows service to provide telemetry on Windows executable memory page changes to facilitate threat detection
  ☆32Oct 7, 2020Updated 5 years ago
• paysonism / Windows-Kernel-Guide

  View on GitHub
  A complete 600 page book on modern Windows Kernel Driver development and all info about kernel.
  ☆24Jul 19, 2024Updated last year
• cheahengsoon / KaliLinuxTools

  View on GitHub
  For Education Purpose Only (Self Learning)
  ☆33Dec 10, 2021Updated 4 years ago
• rand-tech / ida9rewriter

  View on GitHub
  Bump your ida python script automatically!
  ☆31Apr 19, 2025Updated 11 months ago
• PlatyPew / ida-flirtdb

  View on GitHub
  A collection of signature files for IDA
  ☆34Oct 8, 2025Updated 5 months ago
• jkerai1 / WindowsHardeningScripts

  View on GitHub
  Windows Hardening Powershell Scripts
  ☆25Oct 3, 2025Updated 5 months ago
• metachris / pdfminer

  View on GitHub
  PDF Parser : fork with Python 2+3 support using six
  ☆25Dec 6, 2015Updated 10 years ago
• joshrnoll / ansible-collection-homelab

  View on GitHub
  A collection of Ansible automation roles for my homelab.
  ☆12Jan 17, 2025Updated last year
• rvrsh3ll / CanaryServer

  View on GitHub
  Fake SMB and SAMR data
  ☆11Oct 27, 2019Updated 6 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• nyxgeek / AzureAD_Autologon_Brute

  View on GitHub
  Brute force attack tool for Azure AD Autologon/Seamless SSO - Source: https://arstechnica.com/information-technology/2021/09/new-azure-ac…
  ☆107Jun 27, 2024Updated last year
• KiExitDispatcher / GhostVEH

  View on GitHub
  Registers Vectored Exception Handlers by directly manipulating internal LdrpVectorHandlerList structure instead of calling RtlAddVectored…
  ☆36Jan 18, 2026Updated 2 months ago
• Samurai-X-13 / wifi-deauther-gui

  View on GitHub
  This is a gui interface for airmon-ng
  ☆14Mar 23, 2023Updated 3 years ago
• freshcells / soap-client-bundle

  View on GitHub
  Symfony Bundle for SoapClient
  ☆35Feb 26, 2026Updated last month
• yaya2devops / gopencti

  View on GitHub
  On-Premises Open Cyber Threat Intelligence Platform
  ☆11Oct 29, 2024Updated last year
• nccgroup / mimikatz-detector-condrv

  View on GitHub
  The Console Monitor Driver is a KMDF kernel-mode filter driver that captures certain Fast I/O operations (input and output) that is sent …
  ☆41Sep 6, 2022Updated 3 years ago
• sebbmeyer / laravel-teams-connector

  View on GitHub
  Microsoft Teams Connector for Laravel
  ☆33Feb 28, 2025Updated last year