xg5-simon/MS-Graph-BlueTeam external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

xg5-simon/MS-Graph-BlueTeam

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/xg5-simon/MS-Graph-BlueTeam)

Close

xg5-simon / MS-Graph-BlueTeamView on GitHubMore

• External links
• Readme badge

MS Graph Commands and Tools for Blue Teamers

☆51Feb 4, 2026Updated 3 months ago

Alternatives and similar repositories for MS-Graph-BlueTeam

Users that are interested in MS-Graph-BlueTeam are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• matthw / malware_analysis

  View on GitHub
  ☆18Mar 26, 2024Updated 2 years ago
• muchdogesec / sigma2stix

  View on GitHub
  ⚠️ ARCHIVED**: This repository is no longer actively maintained. All Sigma rules are now managed and available in SIEM Rules
  ☆12Mar 19, 2026Updated last month
• Abjuri5t / SarlackLab

  View on GitHub
  ☆34Updated this week
• nov3mb3r / trident

  View on GitHub
  A PowerShell incident response script for quick triage
  ☆81Jul 18, 2022Updated 3 years ago
• dougsbaker / CA-Export

  View on GitHub
  ☆50Apr 28, 2025Updated last year
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• uniQuk / caReports

  View on GitHub
  Conditional Access Reporting
  ☆29Apr 4, 2025Updated last year
• tomwechsler / Microsoft_365_Certified_Enterprise_Administrator_Expert

  View on GitHub
  The repository for exam preparation for Microsoft 365 Certified: Enterprise Administrator Expert!
  ☆14Apr 27, 2023Updated 3 years ago
• PlayExploits / CTF-S----challenges-pico-htb-ringzer0-etc

  View on GitHub
  This is the ringzer0 writeup of web exploitation catagery. The name is "Word mean something"
  ☆14Dec 8, 2023Updated 2 years ago
• christosgalano / sKaleQL

  View on GitHub
  sKaleQL is an opinionated template repository for managing, executing, and organizing Kusto Query Language (KQL) queries against Azure Lo…
  ☆20May 20, 2025Updated 11 months ago
• f-bader / EntraIDAuditLogToMicrosoftGraph

  View on GitHub
  A list of Entra ID (Azure AD) Audit event names and the corresponding Microsoft Graph Request Uri
  ☆42Sep 27, 2024Updated last year
• robotrapta / garden-watcher

  View on GitHub
  Artificial Dog to bark at deer and other garden pests using Raspberry Pi and Groundlight
  ☆13Jun 19, 2024Updated last year
• optiv / evilginx2

  View on GitHub
  Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of …
  ☆11Mar 22, 2021Updated 5 years ago
• Azure / MDTI-Solutions

  View on GitHub
  Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product
  ☆81Sep 9, 2024Updated last year
• cyb3rmik3 / MDE-DFIR-Resources

  View on GitHub
  A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as …
  ☆468Feb 18, 2026Updated 2 months ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• stuartjash / aftermath

  View on GitHub
  Aftermath is a free macOS incident response framework
  ☆34Sep 25, 2025Updated 7 months ago
• Neo23x0 / Talks

  View on GitHub
  Slides of my public talks
  ☆63Feb 20, 2026Updated 2 months ago
• MINAD0 / XML-RPC-Check

  View on GitHub
  XML-RPC Vulnerability Checker and Directory Fuzzer
  ☆22Sep 28, 2023Updated 2 years ago
• raphaeldelio / bluesky-bot

  View on GitHub
  ☆17Feb 24, 2025Updated last year
• tsale / TA_tooling

  View on GitHub
  ☆10Dec 24, 2022Updated 3 years ago
• 0x0v1 / MalwareRETools

  View on GitHub
  A repo containing some tooling build to assist with reverse engineering malware samples
  ☆15Jul 22, 2023Updated 2 years ago
• utwente-scs / misdet-code

  View on GitHub
  ☆16Sep 12, 2022Updated 3 years ago
• PuravsPoint / DecipheringUAL

  View on GitHub
  This repo aims to help you decipher the UAL from a Digital Forensics & Incident Response (DFIR) perspective. The UAL is the Microsoft 365…
  ☆64May 12, 2024Updated last year
• frikky / hive4go

  View on GitHub
  A Golang API for TheHive
  ☆13Sep 3, 2020Updated 5 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• DevClate / 365AutomatedLab

  View on GitHub
  This module will create a Microsoft 365 Test Environment
  ☆105Feb 27, 2025Updated last year
• tomwechsler / Active_Directory_Advanced_Threat_Hunting

  View on GitHub
  This repo is about Active Directory Advanced Threat Hunting
  ☆650Feb 17, 2025Updated last year
• MHaggis / PowerShell-Hunter

  View on GitHub
  PowerShell tools to help defenders hunt smarter, hunt harder.
  ☆479Oct 29, 2025Updated 6 months ago
• AzureAD / Azure-AD-Incident-Response-PowerShell-Module

  View on GitHub
  The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Produc…
  ☆453Jun 16, 2023Updated 2 years ago
• gatete / DomainTrail

  View on GitHub
  DomainTrail is a fast subdomain enumeration tool that uses effective passive and active techniques.
  ☆41Apr 18, 2024Updated 2 years ago
• olafhartong / DefenderHarvester

  View on GitHub
  Expose a lot of MDE telemetry that is not easily accessible in any searchable form
  ☆119Aug 19, 2025Updated 8 months ago
• Levi597 / HHbackdoor-V0.3

  View on GitHub
  Only for educational purposes
  ☆12Jun 17, 2023Updated 2 years ago
• lorisAmbrozzo / KQL-Queries

  View on GitHub
  Repository with Hunting and Detection Queries for Microsoft Sentinel and Microsoft Defender XDR
  ☆17Nov 7, 2025Updated 5 months ago
• HackingLZ / TomcatBackdoorPoC

  View on GitHub
  Tomcat backdoor based on CS blog
  ☆29Jun 30, 2023Updated 2 years ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• embee-research / Icedid-file-decryptor

  View on GitHub
  Static Decryptor for IcedID Malware
  ☆18Oct 1, 2022Updated 3 years ago
• xaitax / PatchaPalooza

  View on GitHub
  A comprehensive tool that provides an insightful analysis of Microsoft's monthly security updates.
  ☆195Feb 24, 2026Updated 2 months ago
• 0xAnalyst / DefenderATPQueries

  View on GitHub
  Hunting Queries for Defender ATP
  ☆83Apr 1, 2026Updated last month
• tomwechsler / Microsoft_365_Certified_Modern_Desktop_Administrator_Associate

  View on GitHub
  Everything you need to prepare for the Microsoft 365 Certified: Endpoint Administrator Associate!
  ☆26Dec 16, 2023Updated 2 years ago
• redteamertips / DinvokeDupetokenAndThreadSwitcheroo

  View on GitHub
  ☆26May 22, 2021Updated 4 years ago
• jonny-jhnson / PowerParse

  View on GitHub
  PowerShell PE Parser
  ☆63Jun 28, 2024Updated last year
• AttacktheSOC / Azure-SecOps

  View on GitHub
  Collection of different Azure/Entra focused solutions (Deployable templates, Function Apps, etc)
  ☆81Apr 12, 2026Updated 3 weeks ago