microsoft/DefendTheFlag external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

microsoft/DefendTheFlag

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/microsoft/DefendTheFlag)

Close

microsoft / DefendTheFlagView on GitHubMore

• External links
• Readme badge

Get started fast with a built out lab, built from scratch via Azure Resource Manager (ARM) and Desired State Configuration (DSC), to test out Microsoft's security products.

☆238Jun 25, 2020Updated 5 years ago

Alternatives and similar repositories for DefendTheFlag

Users that are interested in DefendTheFlag are comparing it to the libraries listed below

• Azure / CONVEX

  View on GitHub
  CONVEX is a group of CTFs that are independently deployable into participant Azure environments.
  ☆140May 16, 2022Updated 3 years ago
• mnemonic-no / SNIcat

  View on GitHub
  SNIcat
  ☆128Aug 19, 2021Updated 4 years ago
• edoardogerosa / sentinel-attack

  View on GitHub
  Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
  ☆1,078Nov 28, 2024Updated last year
• Azure / Stormspotter

  View on GitHub
  Azure Red Team tool for graphing Azure and Azure Active Directory objects
  ☆1,684Jan 8, 2024Updated 2 years ago
• iknowjason / PurpleCloud

  View on GitHub
  A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-pur…
  ☆627Mar 21, 2025Updated 11 months ago
• OTRF / bloodhound-notebooks

  View on GitHub
  Notebooks created to attack and secure Active Directory environments
  ☆27Nov 18, 2019Updated 6 years ago
• matterpreter / spotter

  View on GitHub
  Targeted Payload Execution
  ☆100Apr 9, 2020Updated 5 years ago
• mobdk / WinBoost

  View on GitHub
  Execute Mimikatz with different technique
  ☆51Nov 8, 2021Updated 4 years ago
• microsoft / Microsoft-365-Defender-Hunting-Queries

  View on GitHub
  Sample queries for Advanced hunting in Microsoft 365 Defender
  ☆2,051Feb 17, 2022Updated 4 years ago
• OTRF / SimuLand

  View on GitHub
  Cloud Templates and scripts to deploy mordor environments
  ☆129Mar 3, 2021Updated 4 years ago
• cisagov / Sparrow

  View on GitHub
  Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 en…
  ☆1,431Dec 27, 2022Updated 3 years ago
• mdsecactivebreach / o365-attack-toolkit

  View on GitHub
  A toolkit to attack Office365
  ☆1,117Nov 6, 2020Updated 5 years ago
• dsnezhkov / TruffleSnout

  View on GitHub
  Iterative AD discovery toolkit for offensive operations
  ☆85Mar 16, 2020Updated 5 years ago
• thomaspatzke / elk-detection-lab

  View on GitHub
  An ELK environment containing interesting security datasets.
  ☆136May 11, 2020Updated 5 years ago
• surbo / OVERFLOW

  View on GitHub
  Microsoft Flow Attack Framework
  ☆23Nov 14, 2019Updated 6 years ago
• BreakingMhet / honeyzure

  View on GitHub
  HoneyZure is a honeypot tool specifically designed for Azure environments, fully provisioned through Terraform. It leverages a Log Analyt…
  ☆17Jun 11, 2024Updated last year
• ReverendThing / Carnivore

  View on GitHub
  Microsoft External Attack Tool
  ☆178Dec 8, 2022Updated 3 years ago
• PlumHound / PlumHound

  View on GitHub
  Bloodhound Reporting for Blue and Purple Teams
  ☆1,277Nov 15, 2025Updated 3 months ago
• cyberstruggle / chalumeau

  View on GitHub
  Chalumeau is automated,extendable and customizable credential dumping tool based on powershell and python.
  ☆103Jul 26, 2020Updated 5 years ago
• dirkjanm / ROADtools

  View on GitHub
  A collection of Azure AD/Entra tools for offensive and defensive security purposes
  ☆2,528Feb 5, 2026Updated 3 weeks ago
• NetSPI / MicroBurst

  View on GitHub
  A collection of scripts for assessing Microsoft Azure security
  ☆2,306Oct 29, 2025Updated 3 months ago
• outflanknl / Invoke-ADLabDeployer

  View on GitHub
  Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
  ☆492Feb 16, 2019Updated 7 years ago
• OTRF / Security-Datasets

  View on GitHub
  Re-play Security Events
  ☆1,723Mar 20, 2024Updated last year
• christophetd / Adaz

  View on GitHub
  Deploy customizable Active Directory labs in Azure - automatically.
  ☆426Dec 5, 2024Updated last year
• treebuilder / aad-sso-enum-brute-spray

  View on GitHub
  POC of SecureWorks' recent Azure Active Directory password brute-forcing vuln
  ☆192Sep 29, 2021Updated 4 years ago
• OTRF / Blacksmith

  View on GitHub
  Building environments to replicate small networks and deploy applications
  ☆330Jan 9, 2026Updated last month
• appsecco / devsecops-using-cloudnative-workshop

  View on GitHub
  This repo contains workshop material delivered at #nullcon2020
  ☆16Mar 6, 2020Updated 5 years ago
• darkquasar / AzureHunter

  View on GitHub
  A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
  ☆789Oct 29, 2022Updated 3 years ago
• attactics / cslogwatch

  View on GitHub
  Cobalt Strike log state tracking, parsing, and storage
  ☆24Jul 18, 2019Updated 6 years ago
• thalpius / Microsoft-Azure-AD-Conditional-Access-Validator

  View on GitHub
  This script validates the most common Conditional Access policies in Microsoft 365.
  ☆10May 27, 2024Updated last year
• sbousseaden / Slides

  View on GitHub
  Misc Threat Hunting Resources
  ☆377Jan 26, 2023Updated 3 years ago
• improsec / ImproHound

  View on GitHub
  Identify the attack paths in BloodHound breaking your AD tiering
  ☆326Nov 6, 2022Updated 3 years ago
• OTRF / ATTACK-Python-Client

  View on GitHub
  Python Script to access ATT&CK content available in STIX via a public TAXII server
  ☆568Dec 19, 2025Updated 2 months ago
• zeronetworks / BloodHound-Tools

  View on GitHub
  Collection of tools that reflect the network dimension into Bloodhound's data
  ☆446Oct 19, 2022Updated 3 years ago
• dafthack / MSOLSpray

  View on GitHub
  A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the ac…
  ☆1,077Mar 19, 2024Updated last year
• ReversecLabs / leonidas

  View on GitHub
  Automated Attack Simulation in the Cloud, complete with detection use cases.
  ☆605Nov 28, 2024Updated last year
• Mr-Un1k0d3r / DLLsForHackers

  View on GitHub
  Dll that can be used for side loading and other attack vector.
  ☆205Sep 17, 2020Updated 5 years ago
• Cloud-Architekt / AzureAD-Attack-Defense

  View on GitHub
  This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and …
  ☆2,475Dec 31, 2025Updated 2 months ago
• limbenjamin / LogServiceCrash

  View on GitHub
  POC code to crash Windows Event Logger Service
  ☆27Oct 16, 2020Updated 5 years ago