Cloud Offensive Breach and Risk Assessment (COBRA) Tool

Analyses Azure AD users to make recommendations on how to improve each user's MFA configuration. Can target a group by ObjectId or analyse all users in a tenant. Can add user-specific location info…

Automation to assess the state of your M365 tenant against CISA's baselines

Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI

AzureGoat : A Damn Vulnerable Azure Infrastructure

Assess Azure Security State

PowerShell framework to assess Azure security

A curated list of awesome Microsoft Azure Security tools, guides, blogs, and other resources.

This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.

Configurations for the GraphAPI with recommendations for Azure AD Conditional Access Policies, Groups, Endpoint Manager (Intune) Application and Device Policies, in an Azure DevOps CI/CD Pipeline

Validate and translate regular Tabular models in Push Datasets, also providing helper functions to clear, populate, and simulate real-time transactions.

Additional resources to improve customer experience with Microsoft Defender for Identity

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

AADInternals PowerShell module for administering Azure AD and Office 365

PowerShell module for Office 365 and Azure log collection

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

Warning lists to inform users of MISP about potential false-positives or other information in indicators

Completed project for Build Python apps with Microsoft Graph

Official ProtonVPN Linux app (CLI)

kubeaudit helps you audit your Kubernetes clusters against common security controls

Tool for auditing RBACs in Kubernetes

Kubernetes Security - Best Practice Guide

Kubernetes security notes and best practices

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Kubernetes Security Training Platform - focusing on security mitigation

Kubernetes Security Checklist and Requirements - All in One (authentication, authorization, logging, secrets, configuration, network, workloads, dockerfile)

Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernet…

A lightweight tool to quickly extract valuable information from the Active Directory environment for both attacking and defending.

500+ PowerShell sample scripts (.ps1) for every system!