mevry's Stars
mandiant/gocrack
GoCrack is a management frontend for password cracking tools written in Go
Azure/securedworkstation
Intune managed Secured workstation
guyrleech/General-Scripts
Scripts for diagnosis, troubleshooting, automation, etc.
threathunters-io/laurel
Transform Linux Audit logs for SIEM usage
Cyb3r-Monk/Threat-Hunting-and-Detection
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).
rod-trent/KQLMysteries
The collateral repository for The KQL Mysteries series
CyberCX-STA/PurpleOps
An open-source self-hosted purple team management web application.
last-byte/PersistenceSniper
Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made with ❤️ by @last0x00 and @dottor_morte
rod-trent/MustLearnKQL
Code included as part of the MustLearnKQL blog series
cyb3rmik3/KQL-threat-hunting-queries
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
garybushey/ProgrammingMicrosoftSentinel
Programming Microsoft Sentinel book
LearningKijo/KQL
Threat hunting queries for Microsoft 365 Defender / XDR. Provides out-of-the-box KQL hunting queries for App, Email, Identity and Endpoint.
dirkjanm/ROADtools
A collection of Azure AD/Entra tools for offensive and defensive security purposes
Gerenios/AADInternals
AADInternals PowerShell module for administering Azure AD and Office 365
reprise99/Sentinel-Queries
Collection of KQL queries
mevry/O365ManagementAPI
Utility for interacting with the M365 Management API
jfjallid/go-secdump
Tool to remotely dump secrets from the Windows registry
austinsonger/Incident-Playbook
GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
microsoft/MSLab
Azure Stack HCI, Windows 10 and Windows Server rapid lab deployment scripts
cyb3rxp/awesome-soc
A collection of sources of documentation, as well as field best practices, to build/run a SOC
frankwxu/digital-forensics-lab
Free hands-on digital forensics labs for students and faculty
cybergoatpsyops/detections
Placeholder for my detection repo and misc detection engineering content
Yamato-Security/hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
dr4k0nia/tooling-playground
A collection of small scripts and tools for deobfuscation and malware analysis.
nathanmcnulty/nathanmcnulty
Bert-JanP/Hunting-Queries-Detection-Rules
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
cisagov/decider
A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.
correlatedsecurity/Awesome-SOAR
A curated Cyber "Security Orchestration, Automation and Response (SOAR)" awesome list.
Azure/Azure-Sentinel-Notebooks
Interactive Azure Sentinel Notebooks provide security insights and actions to investigate anomalies and hunt for malicious behaviors.
jsecurity101/TelemetrySource