olafhartong / WDACmeView external linksLinks
A WDAC configuration repository with the sole intention of enriching MDE
☆30Jun 18, 2025Updated 7 months ago
Alternatives and similar repositories for WDACme
Users that are interested in WDACme are comparing it to the libraries listed below
Sorting:
- ☆20May 30, 2025Updated 8 months ago
- MDE relies on some of the Audit settings to be enabled☆100Jul 15, 2022Updated 3 years ago
- Expose a lot of MDE telemetry that is not easily accessible in any searchable form☆116Aug 19, 2025Updated 5 months ago
- some KQL Queries for Advanced Hunting☆58Updated this week
- This tool aims at parsing Microsoft Protection logs to provide relevant data to forensic analysts during incident responses.☆21Sep 30, 2022Updated 3 years ago
- FIles and guides related to using Elasticstack as a SIEM☆12May 16, 2020Updated 5 years ago
- Cmdlets for capturing Windows Events☆14Mar 11, 2022Updated 3 years ago
- ☆11Oct 24, 2022Updated 3 years ago
- Quick script to build host or investigation timelines using Carbon Black Response☆12Sep 25, 2018Updated 7 years ago
- A list of resources to build a information security team.☆13Feb 10, 2021Updated 5 years ago
- This repo contains a list of vendors that hide their security advisories, alerts, notices, vulnerabilities, and more behind either a payw…☆32May 11, 2024Updated last year
- This repository contains a variety of plugins and scripts, related to the Volatility framework.☆17Feb 9, 2025Updated last year
- ☆18Jun 4, 2025Updated 8 months ago
- Malformed Access Log to CSV - Convert Web Server Access Logs to CSV☆18Sep 3, 2024Updated last year
- REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.☆50Sep 22, 2025Updated 4 months ago
- This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deployin…☆17Mar 10, 2023Updated 2 years ago
- ☆38Mar 10, 2025Updated 11 months ago
- Splunk app for Threat hunting☆15Nov 15, 2018Updated 7 years ago
- KQL for Azure Resource Manager and AppID search☆23Aug 15, 2024Updated last year
- ☆42Oct 11, 2023Updated 2 years ago
- Harden Windows with Windows Defender Application Control (WDAC)☆47Jul 26, 2024Updated last year
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io☆89Dec 2, 2025Updated 2 months ago
- DocBleachShell is the integration of the great DocBleach, https://github.com/docbleach/DocBleach Content Disarm and Reconstruction tool i…☆21Jan 15, 2022Updated 4 years ago
- MS Entra ID Protection Guidance☆22Apr 2, 2024Updated last year
- Microsoft Defender Advanced Threat Protection☆48Jan 28, 2026Updated 2 weeks ago
- officefileinfo is a python script to help analyse the newer Microsoft Office file formats. There are numerous tools for dealing with the …☆16Apr 28, 2016Updated 9 years ago
- ☆22Aug 29, 2023Updated 2 years ago
- MacOS incident Response Toolkit. Mostly written while stuck on a NJTransit train.☆20Feb 20, 2020Updated 5 years ago
- ☆21Feb 10, 2021Updated 5 years ago
- Sharing presentation slides and workbook templates that can be useful to others to learn more about Azure Active Directory!☆21Aug 23, 2024Updated last year
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆89Feb 9, 2025Updated last year
- Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant.☆132Updated this week
- Decode security descriptors in $Secure on NTFS☆22Feb 24, 2022Updated 3 years ago
- Tool for analysts to perform simultaneous lookups (IP, Domain, URL, MD5) against multiple data sources☆28Jan 27, 2017Updated 9 years ago
- Defender for Endpoint☆28Jul 12, 2024Updated last year
- ☆105Jul 5, 2025Updated 7 months ago
- Python script to automatically create sigma rules from The hive observables☆25Mar 17, 2019Updated 6 years ago
- Speeds up the extraction of password hashes from ntds.dit files. For use with the ntdsxtract project or the dshash script☆27Feb 1, 2024Updated 2 years ago
- ☆28Jan 8, 2025Updated last year