Pinned Repositories
AdminToolbox
Repository for the AdminToolbox PowerShell Modules
awesome-anti-forensic
Tools and packages that are used for countering forensic activities, including encryption, steganography, and anything that modify attributes. This all includes tools to work with anything in general that makes changes to a system for the purposes of hiding information.
Awesome-GPT-Agents
A curated list of GPT agents for cybersecurity
awesome-threat-detection
A curated list of awesome threat detection and hunting resources
Azure-AD-Incident-Response-PowerShell-Module
The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Product Group in conjunction with the Microsoft Detection and Response Team (DART), to assist in compromise response.
Azure-Sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
LAPSToolkit
Tool to audit and attack LAPS environments
Microsoft-365-Defender-Hunting-Queries
Sample queries for Advanced hunting in Microsoft 365 Defender
PowerShell
PowerShell for every system!
PowerShell-Scanners
A community repository of PowerShell Scanners for PDQ Inventory.
DragonsBlue's Repositories
DragonsBlue/AdminToolbox
Repository for the AdminToolbox PowerShell Modules
DragonsBlue/awesome-anti-forensic
Tools and packages that are used for countering forensic activities, including encryption, steganography, and anything that modify attributes. This all includes tools to work with anything in general that makes changes to a system for the purposes of hiding information.
DragonsBlue/Awesome-GPT-Agents
A curated list of GPT agents for cybersecurity
DragonsBlue/awesome-threat-detection
A curated list of awesome threat detection and hunting resources
DragonsBlue/Azure-AD-Incident-Response-PowerShell-Module
The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Product Group in conjunction with the Microsoft Detection and Response Team (DART), to assist in compromise response.
DragonsBlue/Azure-Sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
DragonsBlue/LAPSToolkit
Tool to audit and attack LAPS environments
DragonsBlue/Microsoft-365-Defender-Hunting-Queries
Sample queries for Advanced hunting in Microsoft 365 Defender
DragonsBlue/PowerShell
PowerShell for every system!
DragonsBlue/PowerShell-Scanners
A community repository of PowerShell Scanners for PDQ Inventory.
DragonsBlue/cti
Cyber Threat Intelligence Repository expressed in STIX 2.0
DragonsBlue/ghidra
Ghidra is a software reverse engineering (SRE) framework
DragonsBlue/IntuneManagement
Copy, export, import, delete, document and compare policies and profiles in Intune and Azure with PowerShell script and WPF UI. Import ADMX files and registry settings with ADMX ingestion. View and edit PowerShell script.
DragonsBlue/Microsoft-Extractor-Suite
A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
DragonsBlue/MicrosoftDefenderForEndpoint-PowerBI
A repo for sample MDATP Power BI Templates
DragonsBlue/Mindmap
This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them
DragonsBlue/ntfstool
Forensics tool for NTFS (parser, mft, bitlocker, deleted files)
DragonsBlue/PENTESTING-BIBLE
Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
DragonsBlue/PersistenceSniper
Powershell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines.
DragonsBlue/PSBits
Simple (relatively) things allowing you to dig a bit deeper than usual.
DragonsBlue/SecCon-Framework
Security configuration is complex. With thousands of group policies available in Windows, choosing the “best” setting is difficult. It’s not always obvious which permutations of policies are required to implement a complete scenario, and there are often unintended consequences of some security lockdowns. The SECCON Baselines divide configuration into Productivity Devices and Privileged Access Workstations. This document will focus on Productivity Devices (SECCON 5, 4, and 3). Microsoft’s current guidance on Privileged Access Workstations can be found at http://aka.ms/cyberpaw and as part of the Securing Privileged Access roadmap found at http://aka.ms/privsec.
DragonsBlue/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
DragonsBlue/Sentinel-Queries
Collection of KQL queries
DragonsBlue/Sentinel-SOC-101
Content and collateral for the Microsoft Sentinel SOC 101 series
DragonsBlue/SimpleBITSServer
A simple python implementation of a BITS server.
DragonsBlue/sysmon-config
Sysmon configuration file template with default high-quality event tracing