Stars
Free, self-hosted M365 configuration drift monitoring. Baseline your tenant, detect changes at the property level, and restore in one click. For MSSPs and admins.
PowerShell-based Automation of Defender for Endpoint
sKaleQL is an opinionated template repository for managing, executing, and organizing Kusto Query Language (KQL) queries against Azure Log Analytics Workspaces.
SKIPT is an initiative focused on detecting different user behaviours which can put the security of our systems at risk.
This repository contains resources for our Threat Intel Feeds solution.
Microsoft Defender for Cloud attack simulation toolkit
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant.
This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash.
Additional resources to improve customer experience with Microsoft Defender for Identity
An open repo for Azure Monitor queries, workbooks, alerts and more
My useful KQL and Azure Monitor workbooks (Public)
Tooling for assessing an Azure AD tenant state and configuration
A guide to using Azure Data Explorer and KQL for DFIR
List of regex for scraping secret API keys and juicy information.
Cybersecurity Incident Response Plan
A couple of PowerShell scripts to extract MS Sentinel automation rules
Export Microsoft Sentinel artifacts like Analytical Rules, Hunting Queries, Workbooks in order to support new feature Repositories CI/CD Pipeline
Utility scripts that use the Microsoft.Graph PowerShell module to improve some recurring actions.
Signatures and IoCs from public Volexity blog posts.
Azure Sentinel Template parser
TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!
IMAP brute-force script, bypassing blocking by logging in with a valid account every failed attempt
A PowerShell script that automates the security assessment of Microsoft Active Directory environments.
A PowerShell script that automates the security assessment of Microsoft 365 environments.
A tool for checking if MFA is enabled on multiple Microsoft Services
A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, i…