Queries from the blog posts.

KQL Queries. Microsoft Defender, Microsoft Sentinel

A tool for checking if MFA is enabled on multiple Microsoft Services

This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.

Bulk delete Threat Indicators

Repository with Hunting and Detection Queries for Microsoft Sentinel and Microsoft Defender XDR

My personal work with Copilot for Security

Detection rules and threat hunting queries in Defender XDR and Azure Sentinel

Security Scripts and Sources for daily usage.

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Pers…

An analytical challenge created to test junior analysts looking to try performing proactive and reactive cyber threat intelligence.

C# KQL query engine with flexible I/O layers and visualization

Python3 o365 User Enumeration Tool

Feed of phish-domains found by Validin Threat Intelligince Platform

A curated list of blogs, videos, tutorials, queries and anything else valuable to help you learn and master KQL and Microsoft Sentinel

KQL queries for cyber defense and for solving daily issues

Sentinel Logic Apps/Playbooks to automate enrichment, incident analysis and more.

Small and highly portable detection tests based on MITRE's ATT&CK.

FrontLine, is here to support security professionals in swiftly evaluating Windows systems during a security incident. Featuring 25 informative text files, FrontLine provides crucial insights into …

A repository of advice and guides to share with friends and family who are concerned about their safety during online activities and the security of their devices.

Python Script for integrating IBM QRadar SIEM with Jira Ticketing System, in order to open tickets automatically on Jira.

This project aims to compare and evaluate the telemetry of various EDR products.

This repository contains a wide array of KQL Queries ready for you to easily copy, paste, and execute within Intune.

KQL for Azure Resource Manager and AppID search

MISP to Sentinel integration

This directory features proven systems that demonstrate value to your threat-informed efforts using metrics.

The Greek version of Contract Killer

Takes a larger image and 'chops' it down to <= 3GB zips to traverse Windows Defender for Endpoint