joeavanzato / RetrievIR

Related projects: ⓘ

• techspence / ADeleginator
  A companion tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory
  ☆142Updated 4 months ago
• SpecterOps / TierZeroTable
  Table of AD and Azure assets and whether they belong to Tier Zero
  ☆185Updated 2 months ago
• mvelazc0 / msInvader
  M365/Azure adversary simulation tool designed to simulate adversary techniques and generate attack telemetry.
  ☆110Updated 4 months ago
• LuemmelSec / Custom-BloodHound-Queries
  ☆169Updated 7 months ago
• Bert-JanP / Sentinel-Automation
  Sentinel Logic Apps/Playbooks to automate enrichment, incident analysis and more.
  ☆67Updated last month
• LuccaSA / PingCastle-Notify
  Monitor your PingCastle scans to highlight the rule diff between two scans
  ☆104Updated last month
• evild3ad / Microsoft-Analyzer-Suite
  A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID
  ☆256Updated 3 weeks ago
• AirbusProtect / AD-Canaries
  The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C…
  ☆200Updated 9 months ago
• LuemmelSec / Client-Checker
  ☆158Updated 2 months ago
• LearningKijo / ResearchDev
  ResearchDev - XDR & SIEM Detection
  ☆61Updated 5 months ago
• f-bader / TokenTacticsV2
  A fork of the great TokenTactics with support for CAE and token endpoint v2
  ☆186Updated 3 months ago
• reprise99 / 4688-sysmon
  ☆48Updated last year
• Tanguy-Boisset / bloodhound-automation
  Automatically run and populate a new instance of BH CE
  ☆41Updated 2 weeks ago
• 0xAnalyst / DefenderATPQueries
  Hunting Queries for Defender ATP
  ☆70Updated last week
• 0xJs / domain_audit
  Audit tool for Active Directory. Automates a lot of checks from a pentester perspective.
  ☆155Updated 4 months ago
• securityjoes / ForensicMiner
  A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.
  ☆147Updated 3 months ago
• Mayyhem / Maestro
  ☆146Updated 2 weeks ago
• olafhartong / DefenderHarvester
  Expose a lot of MDE telemetry that is not easily accessible in any searchable form
  ☆93Updated 2 months ago
• TrimarcJake / BlueTuxedo
  A tiny tool to find and fix common misconfigurations in Active Directory-integrated DNS
  ☆76Updated 2 weeks ago
• csandker / Azure-AccessPermissions
  ☆104Updated last year
• improsec / ImproHound
  Identify the attack paths in BloodHound breaking your AD tiering
  ☆294Updated last year
• Qazeer / FarsightAD
  PowerShell script that aim to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an Active Directory …
  ☆92Updated 10 months ago
• sap8899 / reportly
  Reportly is an AzureAD user activity report tool.
  ☆88Updated last year
• keyboardcrunch / SentinelOne-ATTACK-Queries
  MITRE ATT&CK mapped queries for SentinelOne Deep Visiblity
  ☆85Updated 3 years ago
• Sam0x90 / CTI
  Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on
  ☆81Updated 4 months ago
• nasbench / Misc-Research
  A collection of tools, scripts and personal research
  ☆104Updated 2 months ago
• Sam0x90 / CB-Threat-Hunting
  CarbonBlack EDR detection rules and response actions
  ☆70Updated last week
• olafhartong / MDE-AuditCheck
  MDE relies on some of the Audit settings to be enabled
  ☆94Updated 2 years ago
• akamai / Invoke-DHCPCheckup
  ☆101Updated 7 months ago
• canix1 / PIMSCAN
  Tool for creating reports on Entra ID Role Assignments
  ☆85Updated 5 months ago