EDR is powerful tool combines IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) capabilities into a single, efficient package. Leveraging PowerShell scripts, it continuously monitors network activity, isolates compromised machines.......
🕵️♂️ Hands-on threat hunting projects using Sentinel, MDE, and KQL. Includes queries, visualizations, and step-by-step analysis of suspicious activity.
Red Teaming Tactics and Techniques
Simple GUI for Microsoft Defender for Endpoint API machine actions in PowerShell.
Checks running processes for a list of potentially "risky" ones that should not be spawned by certain parent processes. If found, the results could indicate abnormal behavior.
Presentations
A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.
MDE Tester is designed to help testing various features in Microsoft Defender for Endpoint.
Sysmon EDR POC Build within Powershell to prove ability.
Add a description, image, and links to the edr topic page so that developers can more easily learn about it.
To associate your repository with the edr topic, visit your repo's landing page and select "manage topics."