ktb-jcm's Stars
vxunderground/MalwareSourceCode
Collection of malware source code for a variety of platforms in an array of different programming languages.
zolderio/misp-to-sentinel
Azure function to insert MISP data into Azure Sentinel
davehull/Kansa
A Powershell incident response framework
microsoft/OMS-Agent-for-Linux
maxmind/geoip-api-c
DEPRECATED GeoIP Legacy C API
maxmind/MaxMind-DB-Reader-php
PHP Reader for the MaxMind DB Database Format
cylaris/awesomekql
Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs
atc-project/atomic-threat-coverage
Actionable analytics designed to combat threats
SwiftOnSecurity/SwiftFilter
Exchange Transport rules to detect and enable response to phishing
OfficeDev/O365-ActivityFeed-AzureFunction
Azure function that processes incoming notifications from the O365 Activity API
cyberark/BlobHunter
Find exposed data in Azure with this public blob scanner
RH-ISAC/misp-docker
MISP Docker (XME edition)
RH-ISAC/PyOTI
Python library for threat intelligence
microsoft/Microsoft-365-Defender-Hunting-Queries
Sample queries for Advanced hunting in Microsoft 365 Defender
miladaslaner/AdvHuntingCheatSheet
Microsoft Threat Protection Advanced Hunting Cheat Sheet
andrewsmhay/web2intel
microsoft/PowerToys
Windows system utilities to maximize productivity
MITRECND/chopshop
Protocol Analysis/Decoder Framework
kbandla/APTnotes
Various public documents, whitepapers and articles about APT campaigns
vz-risk/veris
Vocabulary for Event Recording and Incident Sharing (VERIS)
swimlane/pyattck
A Python package to interact with the Mitre ATT&CK Framework
reprise99/Sentinel-Queries
Collection of KQL queries
rabobank-cdc/DeTTECT
Detect Tactics, Techniques & Combat Threats
cfalta/MicrosoftWontFixList
A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))
wortell/AZSentinel
PowerShell module for Azure Sentinel
ManagedSentinel/AzureSentinelKQLScripts
Various tools used to monitor and troubleshoot Azure Sentinel data
Azure/Azure-Sentinel-Notebooks
Interactive Azure Sentinel Notebooks provide security insights and actions to investigate anomalies and hunt for malicious behaviors.
Azure/Azure-Sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
javiersoriano/sentinelascode
Enable the automatic deployment of Azure Sentinel using code