Stars
Interactive PowerShell framework for testing WMI, COM, LOLBAS, and persistence techniques
Serverless AITM Simulation Framework for Entra ID and M365
A PowerShell module for the Defender XDR portal
A PowerShell variant of the amazing patch_review.py by kevthehermit
A deliberately vulnerable Microsoft Entra ID environment. Learn identity security through hands-on, realistic attack challenges.
Velociraptor Server hosted in Azure App Service
Collection of different Azure/Entra focused solutions (Deployable templates, Function Apps, etc)
Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or even inspiration).
PowerShell tools to help defenders hunt smarter, hunt harder.
This repository contains a wide array of KQL Queries ready for you to easily copy, paste, and execute within Intune.
A website tracking the table schema of Microsoft XDR tables
Office 365 Reporting PowerShell Scripts
This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.
A repository of sysmon configuration modules
Azure Security Resources and Notes
Sample queries and data as part of the Microsoft Press book, The Definitive Guide to KQL
Live Feed of C2 servers, tools, and botnets
The Microsoft Sentinel Triage AssistanT (STAT) enables easy-to-create incident triage automation in Microsoft Sentinel
Sharing my KQL queries for Azure Sentinel