dvi23 Goto Github PK

ir-rescue

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

kql

Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.

kql-for-dfir

A guide to using Azure Data Explorer and KQL for DFIR

kql-threat-hunting-queries

A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).

linux-hardening-checklist

Simple checklist to help you deploying the most important areas of the GNU/Linux production systems - work in progress.

malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

mantis

Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning.

mde-dfir-resources

A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.

mde-quickstart

MDE Quickstart is a battle-tested MDE policy set designed to be restored with Intune Backup & Restore

microsoft-365-defender-hunting-queries

Sample queries for Advanced hunting in Microsoft 365 Defender

microsoft-analyzer-suite

A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID

microsoftpurpleteamtoolkit

microsoftsentinel-azureopenai-ir-helper-playbook

microsoftsentinel-chatgpt-playbook

monkey365

Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Azure Active Directory security configuration reviews.

msidentitytools

Repository for the Microsoft Identity Tools PowerShell module which provides various tools for performing enhanced Identity administration activities.

mustlearnkql

Code included as part of the MustLearnKQL blog series

neuvector

o365scripts

O365 Scripts

objectify-s3

Objectify-s3 is a tool that recursively checks AWS S3 buckets and objects for misconfigured permissions.

osce3-complete-guide

OSWE, OSEP, OSED, OSEE

oscp

OSCP Cheat Sheet

osintko

OSINTk.o is a customized Kali Linux-based ISO image with pre-installed packages and scripts

pentestmuse

power-platform

Documentation for Microsoft Power Platform

powerforensics

PowerForensics provides an all in one platform for live disk forensic analysis

powershell

PowerShell functions and scripts (Azure, Active Directory, SCCM, SCSM, Exchange, O365, ...)

powershell-scripts_admin_audit

Office 365 Reporting PowerShell Scripts

programmingmicrosoftsentinel

Programming Microsoft Sentinel book

prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more