joeavanzato / RetrievIR
PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.
☆84Updated 3 weeks ago
Related projects: ⓘ
- A companion tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory☆142Updated 4 months ago
- Table of AD and Azure assets and whether they belong to Tier Zero☆185Updated 2 months ago
- M365/Azure adversary simulation tool designed to simulate adversary techniques and generate attack telemetry.☆110Updated 4 months ago
- ☆169Updated 7 months ago
- Sentinel Logic Apps/Playbooks to automate enrichment, incident analysis and more.☆67Updated last month
- Monitor your PingCastle scans to highlight the rule diff between two scans☆104Updated last month
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID☆256Updated 3 weeks ago
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C…☆200Updated 9 months ago
- ☆158Updated 2 months ago
- ResearchDev - XDR & SIEM Detection☆61Updated 5 months ago
- A fork of the great TokenTactics with support for CAE and token endpoint v2☆186Updated 3 months ago
- ☆48Updated last year
- Automatically run and populate a new instance of BH CE☆41Updated 2 weeks ago
- Hunting Queries for Defender ATP☆70Updated last week
- Audit tool for Active Directory. Automates a lot of checks from a pentester perspective.☆155Updated 4 months ago
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.☆147Updated 3 months ago
- ☆146Updated 2 weeks ago
- Expose a lot of MDE telemetry that is not easily accessible in any searchable form☆93Updated 2 months ago
- A tiny tool to find and fix common misconfigurations in Active Directory-integrated DNS☆76Updated 2 weeks ago
- ☆104Updated last year
- Identify the attack paths in BloodHound breaking your AD tiering☆294Updated last year
- PowerShell script that aim to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an Active Directory …☆92Updated 10 months ago
- Reportly is an AzureAD user activity report tool.☆88Updated last year
- MITRE ATT&CK mapped queries for SentinelOne Deep Visiblity☆85Updated 3 years ago
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on☆81Updated 4 months ago
- A collection of tools, scripts and personal research☆104Updated 2 months ago
- CarbonBlack EDR detection rules and response actions☆70Updated last week
- MDE relies on some of the Audit settings to be enabled☆94Updated 2 years ago
- ☆101Updated 7 months ago
- Tool for creating reports on Entra ID Role Assignments☆85Updated 5 months ago