elhoim
Follow
Stars
A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID
Collection of Microsoft Identity Threat Detection and Response resources.
An analytical challenge created to test junior analysts looking to try performing proactive and reactive cyber threat intelligence.
Sample queries and data as part of the Microsoft Press book, The Definitive Guide to KQL
Cover various security approaches to attack techniques and also provides new discoveries about security breaches.
know the rules that have changed between 2 Sigma rules folder
This repo contains all my personal Sublime Security detection rules.
A python utility for creating timestamp heatmaps in ploty
Using plotly to perfom data visualization of ransomware leak site data
An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and security implications
A repository of curated lists with elements such as IoCs to use for threat hunting & detection queries.
Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations
Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.
Pen Test Report Generation and Assessment Collaboration
Explore the GOAD Active Directory lab in 5 minutes with Adalanche
This is a collection of threat detection rules / rules engines that I have come across.
A repository to share publicly available Velociraptor detection content
A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).
A list of RMMs designed to be used in automation to build alerts
Finds shared attributes across multiple IP addresses by querying Censys
A standard for reducing log volume without sacrificing analytical capability
ScriptSentry finds misconfigured and dangerous logon scripts.