Automation for internal Windows Penetrationtest / AD-Security

Pester is the ubiquitous test and mock framework for PowerShell.

MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It ca…

A repository of sysmon configuration modules

A PowerShell module to show file and folder icons in the terminal

PowerShell functions and scripts (Azure, Active Directory, SCCM, SCSM, Exchange, O365, ...)

A PowerShell script to download Windows or UEFI Shell ISOs

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

HardeningKitty and Windows Hardening Settings

Automation to assess the state of your M365 tenant against CISA's baselines

This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.

BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world.…

Remote Desktop entirely coded in PowerShell.

AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to…

Re-play Security Events

A tool for checking if MFA is enabled on multiple Microsoft Services

A Powershell incident response framework

A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.

Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews.

Group Policy Eater is a PowerShell module that aims to gather information about Group Policies but also allows fixing issues that you may find in them.

Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.

Microsoft signed ActiveDirectory PowerShell module

PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains.

🔧 🔨 A set of PowerShell functions you might use to enhance your own functions and scripts or to facilitate working in the console. Most should work in both Windows PowerShell and PowerShell 7, even…

Tool to audit and attack LAPS environments

Powershell Based tool for gathering information related to O365 intrusions and potential Breaches

PowerShell toolkit for AD CS auditing based on the PSPKI toolkit.

ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.

PowerShell module and ACME client to create certificates from Let's Encrypt (or other ACME CA)