tomwechsler / Threat_Hunting_with_PowerShell

Related projects: ⓘ

• dwmetz / QuickPcap
  A quick and easy PowerShell script to collect a packet trace with option to convert .etl to .pcap.
  ☆40Updated last year
• Trimarc / Invoke-TrimarcADChecks
  The Invoke-TrimarcADChecks.ps1 PowerShell script is designed to gather data from a single domain AD forest based on our similar checks pe…
  ☆35Updated last year
• mdecrevoisier / Windows-WEC-server_auto-deploy
  PowerShell scripts for fast Windows Event Collector configuration with Palantir toolset
  ☆21Updated 2 years ago
• Trimarc / Locksmith
  A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services
  ☆16Updated last month
• Truvis / Sentinel
  ☆25Updated 3 weeks ago
• olafhartong / WDACme
  A WDAC configuration repository with the sole intention of enriching MDE
  ☆27Updated last year
• reprise99 / 4688-sysmon
  ☆48Updated last year
• ryanries / ADTV
  ☆22Updated this week
• MHaggis / ASRGEN
  ASR Configurator, Essentials and Atomic Testing
  ☆32Updated 3 weeks ago
• TrimarcJake / PowerPUG
  A tiny tool built to help AD Admins safely utilize the Protected Users group.
  ☆16Updated 3 weeks ago
• gtworek / SysvolExplorer
  Active Directory Group Policy analyzer
  ☆13Updated 5 years ago
• MotiBa / AppLocker
  AppLocker hardening policies
  ☆24Updated 6 years ago
• GabrielDuschl / Automated-CME-Password-Spraying
  A script designed to test passwords against user accounts within an Active Directory environment, offering customizable Account Lockout T…
  ☆14Updated last year
• jischell-msft / RemoteManagementMonitoringTools
  Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations
  ☆73Updated last month
• TheCloudScout / m365defender-adx
  ☆13Updated last year
• humio / security_monitoring
  ☆40Updated last year
• YossiSassi / hAcKtive-Directory-Forensics
  ☆45Updated last year
• mandiant / citrix-ioc-scanner-cve-2023-3519
  ☆65Updated last year
• olafhartong / DefenderHarvester
  Expose a lot of MDE telemetry that is not easily accessible in any searchable form
  ☆93Updated 2 months ago
• eshlomo1 / Azure-AD-Incident-Response
  Azure AD Incident Response
  ☆24Updated 2 years ago
• DebugPrivilege / Azure-Sentinel
  ☆13Updated this week
• FalconForceTeam / FalconForge
  This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deployin…
  ☆15Updated last year
• ugurkocde / KQL-Search
  ☆29Updated last year
• zaneGittins / Huntress
  PowerShell tool to triage systems
  ☆12Updated last year
• PaulHCode / RecurringADChecks
  ☆13Updated 2 years ago
• Kaidja / EntraID
  Automation around Entra ID
  ☆33Updated 2 months ago
• p0w3rsh3ll / SEC505
  ☆47Updated 4 years ago
• invictus-ir / Blue-team-app-Office-365-and-Azure
  ☆68Updated last year
• Starke427 / Windows-Security-Policy
  Specific guidance and configuration scripts based on Microsoft-recommended security configuration baselines for Windows.
  ☆9Updated 4 years ago
• JeffMichelmore / MDEKit
  ☆40Updated 11 months ago