Alternatives and similar repositories for WDACme

Users that are interested in WDACme are comparing it to the libraries listed below

• cventour / PoSH

  View on GitHub
  Random Powershell scripts
  ☆13Feb 13, 2024Updated 2 years ago
• Harvester57 / CodeIntegrity-DriverBlocklist

  View on GitHub
  ☆20May 30, 2025Updated 8 months ago
• olafhartong / MDE-AuditCheck

  View on GitHub
  MDE relies on some of the Audit settings to be enabled
  ☆100Jul 15, 2022Updated 3 years ago
• olafhartong / DefenderHarvester

  View on GitHub
  Expose a lot of MDE telemetry that is not easily accessible in any searchable form
  ☆116Aug 19, 2025Updated 5 months ago
• benscha / KQLAdvancedHunting

  View on GitHub
  some KQL Queries for Advanced Hunting
  ☆54Jan 15, 2026Updated 3 weeks ago
• clr2of8 / AtomicRunner

  View on GitHub
  ☆12Apr 18, 2025Updated 9 months ago
• TonyPhipps / Elasticstack

  View on GitHub
  FIles and guides related to using Elasticstack as a SIEM
  ☆12May 16, 2020Updated 5 years ago
• Intrinsec / mplog_parser

  View on GitHub
  This tool aims at parsing Microsoft Protection logs to provide relevant data to forensic analysts during incident responses.
  ☆21Sep 30, 2022Updated 3 years ago
• SadProcessor / EzETW

  View on GitHub
  Cmdlets for capturing Windows Events
  ☆14Mar 11, 2022Updated 3 years ago
• secureworks / primary-refresh-token-viewer

  View on GitHub
  ☆11Oct 24, 2022Updated 3 years ago
• PSSecTools / JEAnalyzer

  View on GitHub
  Simplifies the implementation of Just Enough Administration by providing functions to convert Code, ScriptBlocks or Scripts into JEA role…
  ☆32May 7, 2025Updated 9 months ago
• ydkhatri / Appx-Analysis

  View on GitHub
  Scripts and tools created for appx analysis talk (Magnet summit 2019)
  ☆19Feb 26, 2024Updated last year
• tstillz / cbr-timeliner

  View on GitHub
  Quick script to build host or investigation timelines using Carbon Black Response
  ☆12Sep 25, 2018Updated 7 years ago
• brianreitz / awesome-blueteam

  View on GitHub
  A list of resources to build a information security team.
  ☆13Feb 10, 2021Updated 5 years ago
• FrankMcGovern / Hidden-Vendor-Security-Advisories

  View on GitHub
  This repo contains a list of vendors that hide their security advisories, alerts, notices, vulnerabilities, and more behind either a payw…
  ☆32May 11, 2024Updated last year
• Abyss-W4tcher / volatility-scripts

  View on GitHub
  This repository contains a variety of plugins and scripts, related to the Volatility framework.
  ☆17Feb 9, 2025Updated last year
• RandomRhythm / mal2csv

  View on GitHub
  Malformed Access Log to CSV - Convert Web Server Access Logs to CSV
  ☆18Sep 3, 2024Updated last year
• DeploymentBunny / PAWDeploy

  View on GitHub
  ☆18Jun 4, 2025Updated 8 months ago
• FalconForceTeam / KQLAnalyzer

  View on GitHub
  REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.
  ☆50Sep 22, 2025Updated 4 months ago
• FalconForceTeam / FalconForge

  View on GitHub
  This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deployin…
  ☆17Mar 10, 2023Updated 2 years ago
• wdormann / applywdac

  View on GitHub
  ☆38Mar 10, 2025Updated 11 months ago
• jsa2 / kql

  View on GitHub
  KQL for Azure Resource Manager and AppID search
  ☆23Aug 15, 2024Updated last year
• simeononsecurity / Windows-Defender-Application-Control-Hardening

  View on GitHub
  Harden Windows with Windows Defender Application Control (WDAC)
  ☆47Jul 26, 2024Updated last year
• JeffMichelmore / MDEKit

  View on GitHub
  ☆42Oct 11, 2023Updated 2 years ago
• olafhartong / SA-Threat-Hunting

  View on GitHub
  Splunk app for Threat hunting
  ☆15Nov 15, 2018Updated 7 years ago
• rtfmkiesel / loldrivers-client

  View on GitHub
  Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io
  ☆89Dec 2, 2025Updated 2 months ago
• joesecurity / DocBleachShell

  View on GitHub
  DocBleachShell is the integration of the great DocBleach, https://github.com/docbleach/DocBleach Content Disarm and Reconstruction tool i…
  ☆21Jan 15, 2022Updated 4 years ago
• microsoft / MSEntraIDProtectionGuidance

  View on GitHub
  MS Entra ID Protection Guidance
  ☆22Apr 2, 2024Updated last year
• darkoperator / vscode-sysmon

  View on GitHub
  Visual Studio Code Microsoft Sysinternal Sysmon configuration file extension.
  ☆54Jul 13, 2023Updated 2 years ago
• MicrosoftDocs / WDAC-Toolkit

  View on GitHub
  Documentation and tools to access Windows Defender Application Control (WDAC) technology.
  ☆254Feb 5, 2026Updated last week
• JesseEsquivel / MDATP

  View on GitHub
  Microsoft Defender Advanced Threat Protection
  ☆48Jan 28, 2026Updated 2 weeks ago
• bsi-group / officefileinfo

  View on GitHub
  officefileinfo is a python script to help analyse the newer Microsoft Office file formats. There are numerous tools for dealing with the …
  ☆16Apr 28, 2016Updated 9 years ago
• TheCloudScout / m365defender-adx

  View on GitHub
  ☆22Aug 29, 2023Updated 2 years ago
• dmb2168 / o365-appids

  View on GitHub
  ☆21Feb 10, 2021Updated 5 years ago
• daguy666 / Transit

  View on GitHub
  MacOS incident Response Toolkit. Mostly written while stuck on a NJTransit train.
  ☆20Feb 20, 2020Updated 5 years ago
• Corissalea / KQL-and-Workbooks

  View on GitHub
  Sharing presentation slides and workbook templates that can be useful to others to learn more about Azure Active Directory!
  ☆21Aug 23, 2024Updated last year
• keydet89 / Events-Ripper

  View on GitHub
  Project based on RegRipper, to extract add'l value/pivot points from TLN events file
  ☆89Feb 9, 2025Updated last year
• jschicht / Secure2Csv

  View on GitHub
  Decode security descriptors in $Secure on NTFS
  ☆22Feb 24, 2022Updated 3 years ago
• Kaidja / Defender-for-Endpoint

  View on GitHub
  Defender for Endpoint
  ☆28Jul 12, 2024Updated last year