Collection of Microsoft Identity Threat Detection and Response resources.

An analytical challenge created to test junior analysts looking to try performing proactive and reactive cyber threat intelligence.

Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifyin…

A graphical security analysis tool

A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting

AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident resp…

Collection of YARA-L 2.0 sample rules for the Chronicle Detection API

A rewrite of YARA in Rust.

Multi-Cloud Security Auditing Tool

This repository contains a wide array of KQL Queries ready for you to easily copy, paste, and execute within Intune.

A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.

This directory features proven systems that demonstrate value to your threat-informed efforts using metrics.

Hardcore Debugging

30 days of Python programming challenge is a step-by-step guide to learn the Python programming language in 30 days. This challenge may take more than100 days, follow your own pace. These videos ma…

MDE Tester is designed to help testing various features in Microsoft Defender for Endpoint.

A library of reference materials, tools, and other resources to aid threat profiling, threat quantification, and cyber adversary defense

game of active directory

Security screening scripts

Slides of my public talks

This repository contains the research and components of our research into using Sigma for AWS Incident Response.

A list of cyber-chef recipes and curated links

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk

Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant

FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log ag…

Share your own Graph PowerShell samples in the Discussions tab.

Repository of attack and defensive information for Business Email Compromise investigations

This repo is about Active Directory Advanced Threat Hunting

Small, fast tool for performing reverse DNS lookups en masse.

Automated DLL Sideloading Tool With EDR Evasion Capabilities