Stars
A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID
This repo aims to help you decipher the UAL from a Digital Forensics & Incident Response (DFIR) perspective. The UAL is the Microsoft 365 Unified Audit Log.
M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response capabilities.
PowerShell tools to help defenders hunt smarter, hunt harder.
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps with continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics…
A tiny tool built to help AD Admins tame the Protected Users group.
Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning.
A tiny tool to find and fix common misconfigurations in Active Directory-integrated DNS
A tool for auditing network shares in an Active Directory environment
My notes while studying for the PNPT from TCM Security.
A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging Kusto queries, PowerShell scripts, tools such as KAPE and THOR Cloud and more.
Creating a hardened "Blue Forest" with Server 2016/2019 Domain Controllers
A collection of Azure AD/Entra tools for offensive and defensive security purposes
MDE Tester is designed to help testing various features in Microsoft Defender for Endpoint.
Awesome list of keywords and artifacts for Threat Hunting sessions
Microsoft Architecture Icons compiled in PowerPoint
a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
Copy, export, import, delete, document and compare policies and profiles in Intune and Azure with PowerShell script and WPF UI. Import ADMX files and registry settings with ADMX ingestion. View and…
This project aims to bridge the gap between Microsoft Attack Surface Reduction (ASR) rules and MITRE ATT&CK by mapping ASR rules to their corresponding ATT&CK techniques. The primary goal is to enh…
The "Monash Enterprise Access Model" (MEAM) is a model for tiering Active Directory that builds heavily on the Microsoft Enterprise Access Model.
Tool for creating reports on Entra ID Role Assignments
AIL framework - Analysis Information Leak framework. Project moved to https://github.com/ail-project
Tools and Techniques for Red Team / Penetration Testing