A WDAC configuration repository with the sole intention of enriching MDE
☆30Jun 18, 2025Updated 8 months ago
Alternatives and similar repositories for WDACme
Users that are interested in WDACme are comparing it to the libraries listed below
Sorting:
- Random Powershell scripts☆13Feb 13, 2024Updated 2 years ago
- ☆20May 30, 2025Updated 9 months ago
- MDE relies on some of the Audit settings to be enabled☆100Jul 15, 2022Updated 3 years ago
- Expose a lot of MDE telemetry that is not easily accessible in any searchable form☆119Aug 19, 2025Updated 6 months ago
- FIles and guides related to using Elasticstack as a SIEM☆12May 16, 2020Updated 5 years ago
- This tool aims at parsing Microsoft Protection logs to provide relevant data to forensic analysts during incident responses.☆21Sep 30, 2022Updated 3 years ago
- some KQL Queries for Advanced Hunting☆69Updated this week
- ☆11Oct 24, 2022Updated 3 years ago
- Cmdlets for capturing Windows Events☆14Mar 11, 2022Updated 3 years ago
- Simplifies the implementation of Just Enough Administration by providing functions to convert Code, ScriptBlocks or Scripts into JEA role…☆32May 7, 2025Updated 10 months ago
- Scripts and tools created for appx analysis talk (Magnet summit 2019)☆19Feb 26, 2024Updated 2 years ago
- Quick script to build host or investigation timelines using Carbon Black Response☆12Sep 25, 2018Updated 7 years ago
- This repo contains a list of vendors that hide their security advisories, alerts, notices, vulnerabilities, and more behind either a payw…☆32May 11, 2024Updated last year
- This repository contains a variety of plugins and scripts, related to the Volatility framework.☆17Feb 9, 2025Updated last year
- Malformed Access Log to CSV - Convert Web Server Access Logs to CSV☆18Sep 3, 2024Updated last year
- ☆18Jun 4, 2025Updated 9 months ago
- REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.☆51Sep 22, 2025Updated 5 months ago
- This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deployin…☆17Mar 10, 2023Updated 2 years ago
- ☆38Mar 10, 2025Updated 11 months ago
- Harden Windows with Windows Defender Application Control (WDAC)☆48Jul 26, 2024Updated last year
- ☆43Oct 11, 2023Updated 2 years ago
- KQL for Azure Resource Manager and AppID search☆23Aug 15, 2024Updated last year
- Splunk app for Threat hunting☆15Nov 15, 2018Updated 7 years ago
- DocBleachShell is the integration of the great DocBleach, https://github.com/docbleach/DocBleach Content Disarm and Reconstruction tool i…☆21Jan 15, 2022Updated 4 years ago
- MS Entra ID Protection Guidance☆22Apr 2, 2024Updated last year
- Visual Studio Code Microsoft Sysinternal Sysmon configuration file extension.☆54Jul 13, 2023Updated 2 years ago
- Documentation and tools to access Windows Defender Application Control (WDAC) technology.☆258Feb 5, 2026Updated last month
- Microsoft Defender Advanced Threat Protection☆49Jan 28, 2026Updated last month
- ☆22Aug 29, 2023Updated 2 years ago
- officefileinfo is a python script to help analyse the newer Microsoft Office file formats. There are numerous tools for dealing with the …☆16Apr 28, 2016Updated 9 years ago
- ☆21Feb 10, 2021Updated 5 years ago
- MacOS incident Response Toolkit. Mostly written while stuck on a NJTransit train.☆20Feb 20, 2020Updated 6 years ago
- Sharing presentation slides and workbook templates that can be useful to others to learn more about Azure Active Directory!☆21Aug 23, 2024Updated last year
- Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant.☆133Feb 10, 2026Updated 3 weeks ago
- Decode security descriptors in $Secure on NTFS☆22Feb 24, 2022Updated 4 years ago
- ☆105Jul 5, 2025Updated 8 months ago
- Tool for analysts to perform simultaneous lookups (IP, Domain, URL, MD5) against multiple data sources☆28Jan 27, 2017Updated 9 years ago
- Defender for Endpoint☆28Jul 12, 2024Updated last year
- ☆24Mar 25, 2025Updated 11 months ago