Stars
Extracted Yara rules from Windows Defender mpavbase and mpasbase
RPC Monitor tool based on Event Tracing for Windows
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
A blog where I write stuffs in order to understand them better.
Total Registry - enhanced Registry editor/viewer
Automated Migration from 3rd party AV to Microsoft Defender AV
A repository for using windows event forwarding for incident detection and response
The FLARE team's open-source tool to identify capabilities in executable files.
f-bader / Microsoft-365-Defender-Hunting-Queries
Forked from microsoft/Microsoft-365-Defender-Hunting-Queries
Sample queries for Advanced hunting in Microsoft 365 Defender
HardeningKitty and Windows Hardening Settings
An endeavor to create an analytics tool to democratize the information hedge funds are creating teams to collect.
Defences against Cobalt Strike
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Sample shell scripts for Intune admins.
A PowerShell module that allows you to impersonate the currently logged-on user while running PowerShell.exe as SYSTEM.
Building an Active Directory domain and hacking it
Approve apps from windows context menu
Filament is a real-time physically based rendering engine for Android, iOS, Windows, Linux, macOS, and WebGL2
A repository of sysmon configuration modules
DebugView++, collects, views, filters your application logs, and highlights information that is important to you!
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Adversary Tactics - PowerShell Training