rootsecdev / Presentations

Related projects: ⓘ

• reprise99 / 4688-sysmon
  ☆48Updated last year
• mr-r3b00t / KQL
  This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet
  ☆10Updated 11 months ago
• olafhartong / DefenderHarvester
  Expose a lot of MDE telemetry that is not easily accessible in any searchable form
  ☆93Updated 2 months ago
• Bert-JanP / Sentinel-Automation
  Sentinel Logic Apps/Playbooks to automate enrichment, incident analysis and more.
  ☆67Updated last month
• secureworks / primary-refresh-token-viewer
  ☆11Updated last year
• FuzzySecurity / SANS-HackFest-2023
  ☆46Updated 10 months ago
• sap8899 / Group3rExplorer
  Fun GUI for Group3rs output log
  ☆25Updated last year
• DefensiveOrigins / DO-LAB
  ☆42Updated 3 months ago
• secgroundzero / KQL_Reference_Manual
  ☆39Updated 3 years ago
• JeffMichelmore / MDEKit
  ☆40Updated 11 months ago
• Corissalea / KQL-and-EntraID-Workbooks
  Sharing presentation slides and workbook templates that can be useful to others to learn more about Azure Active Directory!
  ☆20Updated 3 weeks ago
• GabrielDuschl / Automated-CME-Password-Spraying
  A script designed to test passwords against user accounts within an Active Directory environment, offering customizable Account Lockout T…
  ☆14Updated last year
• mvelazc0 / msInvader
  M365/Azure adversary simulation tool designed to simulate adversary techniques and generate attack telemetry.
  ☆110Updated 4 months ago
• biffalo / easy-wins-endpoint-defense
  Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endp…
  ☆38Updated 5 months ago
• Ocel0tSec / AzureDump
  Powershell Script to enumerate AzureAD and output good data
  ☆14Updated 10 months ago
• improsec / 2Cloudz
  ☆22Updated 2 years ago
• securityjoes / Crowdstrike-Deploy
  The ultimate solution for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform.
  ☆21Updated 3 weeks ago
• 0xAnalyst / DefenderATPQueries
  Hunting Queries for Defender ATP
  ☆70Updated last week
• msdirtbag / MicrosoftPurpleTeamToolkit
  ☆40Updated 5 months ago
• secureworks / TokenMan
  ☆99Updated last year
• sap8899 / reportly
  Reportly is an AzureAD user activity report tool.
  ☆88Updated last year
• nicolonsky / AzureAiTMFunction
  Azure AiTM Function PoC to phish Entra ID Credentials
  ☆17Updated 5 months ago
• Trimarc / Invoke-TrimarcADChecks
  The Invoke-TrimarcADChecks.ps1 PowerShell script is designed to gather data from a single domain AD forest based on our similar checks pe…
  ☆35Updated last year
• MHaggis / ASRGEN
  ASR Configurator, Essentials and Atomic Testing
  ☆32Updated 3 weeks ago
• TrimarcJake / BlueTuxedo
  A tiny tool to find and fix common misconfigurations in Active Directory-integrated DNS
  ☆76Updated 2 weeks ago
• m4nbat / KustQueryLanguage_kql
  Cyber Defence related kusto queries for use in Azure Sentinel and Defender advanced hunting
  ☆54Updated this week
• olafhartong / WDACme
  A WDAC configuration repository with the sole intention of enriching MDE
  ☆27Updated last year
• LearningKijo / ResearchDev
  ResearchDev - XDR & SIEM Detection
  ☆61Updated 5 months ago
• DebugPrivilege / RandomizedProjects
  Repository that contains random short projects like write-ups, PowerShell scripts, and more.
  ☆24Updated last month
• CTI-Driven / Microsoft-ASR-to-MITRE-ATTACK-Mapping-Project
  This project aims to bridge the gap between Microsoft Attack Surface Reduction (ASR) rules and MITRE ATT&CK by mapping ASR rules to their…
  ☆23Updated 2 weeks ago