A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

A comprehensive collection of Kusto Query Language (KQL) queries designed for security professionals to detect, hunt, and respond to cyber threats and incidents, covering areas like Detections, Digital Forensics, and Hunting by Entity (Device, Email, User), and including operational queries for incident management and analytics tuning.

Welcome to the Cloud Security Toolkit repository, your all-in-one destination for cutting-edge cloud security resources! Whether you're diving into offensive strategies, mastering threat hunting, or bolstering your blue-team defenses, this repo has you covered.

Purpleteam scripts simulation & Detection - trigger events for SOC detections

Windows network host hunting at scale!

SIEM Tactics, Techiques, and Procedures

This repo is about Active Directory Advanced Threat Hunting

A repository of sysmon configuration modules

Cover various security approaches to attack techniques and also provides new discoveries about security breaches.

Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations

Microsoft Sentinel SOC Operations

Check hashes, IPs and domains

Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.

PowerShell for Threat Management Explorer

Powershell script to help Speed ​​up Threat hunting incident response processes

Parses and Analyse Authentication on Windows Event Log

Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.

Security Event and Incident Management: A security software that helps recognize and address potential security threats and vulnerabilities.