Deploy the AzTier project to your Entra tenant.

Azure administrative tiering based on known attack paths

UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of U…

Discover gaps in Entra Conditional Access policies before attackers do

Technology and Security Fundamentals

Forensic Browser History Analyzer - Cross-platform browser history extractor (Chrome, Firefox, IE/Edge, Brave, Opera, Vivaldi)

All the deals for InfoSec related software/tools this Black Friday

Check is an advanced open source browser extension by CyberDrain that provides real-time protection against Microsoft 365 phishing attacks. Designed for enterprises and managed service providers, C…

PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains.

A curated list of KAPE-related resources

The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifact validation processes as well as increase access to artifa…

A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update. Use these CSVs t…

A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.

A high-speed forensic timeline engine for Windows forensic artifact CSV output built for DFIR investigators. Quickly consolidate CSV output from processed triage evidence for Eric Zimmerman (EZ Too…

Conference presentations

The Intune-Toolkit offers a basic & user-friendly interface to connect to Microsoft Graph, manage policy assignments, and handle backup and restore operations

KQL Queries. Microsoft Defender, Microsoft Sentinel

My OPML export from FreshRSS with my paid subscription feeds removed

Using Full Flash Update files to speed up Windows Deployment

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

Threat Hunting Toolkit is a Swiss Army knife for threat hunting, log processing, and security-focused data science

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

External monitoring for organization assets

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.

ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.