-
glueckkanja AG
- Hamburg, Germany
- https://cloudbrothers.info/en/
- @fabian_bader
- @fabian_bader@infosec.exchange
- @fabian.bader.cloud
-
AzSentinelQueries Public
Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources.
-
TokenTacticsV2 Public
A fork of the great TokenTactics with support for CAE and token endpoint v2
-
MSRC-PatchReview Public
A PowerShell variant of the amazing patch_review.py by kevthehermit
-
XDRStoryParser Public
Visualize Microsoft Defender XDR process trees and security events
-
FORK-family-of-client-ids-research Public
Forked from secureworks/family-of-client-ids-research
Research into Undocumented Behavior of Azure AD Refresh Tokens
Python MIT License Updated Jun 24, 2025
-
KQLAnalyzer Public
Forked from FalconForceTeam/KQLAnalyzer
REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.
-
SentinelARConverter Public
Sentinel Analytics Rule converter PowerShell module
-
microsoft-info Public
Forked from merill/microsoft-info
Repository hosting a list of Microsoft First party apps
PowerShell MIT License Updated Jan 7, 2025
-
AADInternals Public
Forked from Gerenios/AADInternals
AADInternals PowerShell module for administering Azure AD and Office 365
-
Fork-PoCEntraDeviceComplianceBypass Public
Forked from zh54321/PoCEntraDeviceComplianceBypass
Simple pure PowerShell POC to bypass Entra / Intune Compliance Conditional Access Policy
-
Fork-FileRenameJunctionsEDRDisable Public
Forked from rad9800/FileRenameJunctionsEDRDisable
C++ Updated Dec 13, 2024
-
vscode-hugo Public
Forked from rndev-io/vscode-hugo
VSCode integration with Hugo — static site generator
TypeScript MIT License Updated Nov 20, 2024
-
XDRSchemaDocs Public
A website tracking the table schema of Microsoft XDR tables
4 Updated Oct 19, 2024
-
A list of Entra ID (Azure AD) Audit event names and the corresponding Microsoft Graph Request Uri
-
CloudArchitektAzureSentinel Public
Forked from Cloud-Architekt/AzureSentinel
Sharing my KQL queries for Azure Sentinel
-
EntraIDPasskeyHelper Public
PowerShell module to manage the Entra ID device-bound passkey feature
-
Fork-BAADTokenBroker Public
Forked from secureworks/BAADTokenBroker
PowerShell Apache License 2.0 Updated Apr 9, 2024
-
Azure-Sentinel Public
Forked from Azure/Azure-Sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
-
FalconHound Public
Forked from FalconForceTeam/FalconHound
FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log ag…
Go BSD 3-Clause "New" or "Revised" License Updated Jan 11, 2024
-
GPOReport Public
A PowerShell function to search for specific group policy settings in all GPOs in a large enterprise environment
-
DefenderHarvester Public
Forked from olafhartong/DefenderHarvester
Expose a lot of MDE telemetry that is not easily accessible in any searchable form
-
deviceCode2WinHello Public
Forked from kiwids0220/deviceCode2WinHello
A small script that automates Entra ID persistence with Windows Hello For Business key
Python MIT License Updated Oct 9, 2023
-
SentinelPesterFramework Public
Check your Sentinel environment using Pester infrastructure tests
-
MDTI-Solutions Public
Forked from Azure/MDTI-Solutions
Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product