Welcome to the Cloud Security Toolkit repository, your all-in-one destination for cutting-edge cloud security resources! Whether you're diving into offensive strategies, mastering threat hunting, o…

A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).

MAAD Attack Framework - An attack tool for simple, fast & effective security testing of M365 & Entra ID (Azure AD).

Collects LDAP Query Performance Events and analyzes them to CSV & Grid. Helps in identifying large or unusual LDAP queries, either for Threat Hunting or IT optimization

Turn PuTTY into an SSH login bruteforcing tool.

Fast Incident Response

Repository of attack and defensive information for Business Email Compromise investigations

Audit program for AzureAD

A collection of resources for Threat Hunters

DFIRTrack - The Incident Response Tracking Application

GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]

small python3 tool to check common vulnerabilities in SMTP servers

Create a local Kubernetes development environment on macOS or Windows and WSL2, including HTTPS/TLS and OAuth2/OIDC authentication.

AADInternals PowerShell module for administering Azure AD and Office 365

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Welcome to the Microsoft Defender for Cloud community repository

Azure AD Incident Response

Repository with Sample KQL Query examples for Threat Hunting

My Profile

All about ransomware notes and extension files.

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Guides, articles, and a lot of Azure Monitor information

Microsoft Sentinel SOC Operations

Python3 tool to perform password spraying against Microsoft Online service using various methods