Alternatives and similar repositories for DefenderHarvester

Users that are interested in DefenderHarvester are comparing it to the libraries listed below

• FalconForceTeam / FalconHound

  View on GitHub
  FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de…
  ☆817Feb 17, 2025Updated 11 months ago
• f-bader / EntraIDAuditLogToMicrosoftGraph

  View on GitHub
  A list of Entra ID (Azure AD) Audit event names and the corresponding Microsoft Graph Request Uri
  ☆36Sep 27, 2024Updated last year
• olafhartong / BHCEupload

  View on GitHub
  A small go tool to upload JSON files to the BloodHound community edition API
  ☆30May 29, 2024Updated last year
• thiagopeixoto / mystique-self-injection

  View on GitHub
  An improvement and a different approach to Mockingjay Self-Injection.
  ☆35May 21, 2024Updated last year
• olafhartong / WDACme

  View on GitHub
  A WDAC configuration repository with the sole intention of enriching MDE
  ☆30Jun 18, 2025Updated 7 months ago
• microsoft / MSEntraIDProtectionGuidance

  View on GitHub
  MS Entra ID Protection Guidance
  ☆22Apr 2, 2024Updated last year
• Cyberlorians / Articles

  View on GitHub
  ☆54Feb 7, 2026Updated last week
• cyb3rmik3 / MDE-DFIR-Resources

  View on GitHub
  A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as …
  ☆421Aug 10, 2025Updated 6 months ago
• f-bader / TokenTacticsV2

  View on GitHub
  A fork of the great TokenTactics with support for CAE and token endpoint v2
  ☆385Updated this week
• AirbusProtect / AD-Canaries

  View on GitHub
  The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C…
  ☆258Nov 24, 2023Updated 2 years ago
• cventour / PoSH

  View on GitHub
  Random Powershell scripts
  ☆13Feb 13, 2024Updated 2 years ago
• Iansus / DllProxy

  View on GitHub
  ☆17Jun 28, 2023Updated 2 years ago
• Visorian / PSMDE

  View on GitHub
  Microsoft Defender for Endpoint PowerShell module
  ☆12Dec 28, 2023Updated 2 years ago
• cyb3rmik3 / KQL-threat-hunting-queries

  View on GitHub
  A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 D…
  ☆754Aug 28, 2025Updated 5 months ago
• matthieugras / timeline-downloader

  View on GitHub
  ☆72Feb 4, 2026Updated last week
• FlyingPhish / ROADTools-Analyser

  View on GitHub
  This python script performs a number of sqlite queries (mainly password metadata) against sqlite databases (Created by ROADtools) to prov…
  ☆22Jul 3, 2024Updated last year
• tothi / serviceDetector

  View on GitHub
  Detect whether a service is installed (blindly) and/or running (if exposing named pipes) on a remote machine without using local admin pr…
  ☆239Sep 3, 2023Updated 2 years ago
• SecureHats / validate-detections

  View on GitHub
  GitHub action for validating Microsoft Sentinel detection rules
  ☆14May 22, 2023Updated 2 years ago
• jsa2 / caOptics

  View on GitHub
  CA Optics - Azure AD Conditional Access Gap Analyzer
  ☆334Aug 28, 2024Updated last year
• felmoltor / goLAPS

  View on GitHub
  Retrieve LAPS passwords from a domain. The tools is inspired in pyLAPS.
  ☆32Mar 8, 2025Updated 11 months ago
• jonny-jhnson / PowerParse

  View on GitHub
  PowerShell PE Parser
  ☆63Jun 28, 2024Updated last year
• jonny-jhnson / ETWInspector

  View on GitHub
  ☆180Apr 24, 2025Updated 9 months ago
• JumpsecLabs / TokenSmith

  View on GitHub
  TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and …
  ☆376Jan 23, 2025Updated last year
• olafhartong / MDE-AuditCheck

  View on GitHub
  MDE relies on some of the Audit settings to be enabled
  ☆100Jul 15, 2022Updated 3 years ago
• MSCloudInternals / XDRInternals

  View on GitHub
  A PowerShell module for the Defender XDR portal
  ☆63Feb 3, 2026Updated last week
• alatif113 / mitre_attck_heatmap

  View on GitHub
  ☆19Dec 9, 2024Updated last year
• CCob / Shwmae

  View on GitHub
  ☆160Jan 27, 2025Updated last year
• Yamato-Security / EnableWindowsLogSettings

  View on GitHub
  Documentation and scripts to properly enable Windows event logs.
  ☆671Oct 3, 2025Updated 4 months ago
• LearningKijo / MDEtester

  View on GitHub
  MDE Tester is designed to help testing various features in Microsoft Defender for Endpoint.
  ☆194Mar 4, 2024Updated last year
• zimnyaa / smbsocks

  View on GitHub
  A simple rpc2socks alternative in pure Go.
  ☆31Jul 8, 2024Updated last year
• BloodHoundAD / BARK

  View on GitHub
  BloodHound Attack Research Kit
  ☆584Mar 18, 2025Updated 10 months ago
• emiliensocchi / azurehound-queries

  View on GitHub
  🌩️ Collection of BloodHound queries for Azure
  ☆82Jan 7, 2025Updated last year
• Sam0x90 / CTI

  View on GitHub
  Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on
  ☆83Apr 27, 2024Updated last year
• HackmichNet / AzTokenFinder

  View on GitHub
  ☆107Jan 4, 2023Updated 3 years ago
• matterpreter / FindETWProviderImage

  View on GitHub
  Quickly search for references to a GUID in DLLs, EXEs, and drivers
  ☆75Dec 10, 2021Updated 4 years ago
• BloodHoundAD / TierZeroTable

  View on GitHub
  Table of AD and Azure assets and whether they belong to Tier Zero
  ☆26Sep 12, 2023Updated 2 years ago
• Bert-JanP / Hunting-Queries-Detection-Rules

  View on GitHub
  KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt…
  ☆1,634Updated this week
• secureworks / BAADTokenBroker

  View on GitHub
  ☆116Jun 17, 2025Updated 7 months ago
• jischell-msft / RemoteManagementMonitoringTools

  View on GitHub
  Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations
  ☆103Aug 15, 2025Updated 5 months ago