A list of RMMs designed to be used in automation to build alerts

Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for m…

Python library for connecting to CertStream

Certificate Transparency Log aggregation, parsing, and streaming service written in Elixir

a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )

Organised collection of common file extensions

Research into Undocumented Behavior of Azure AD Refresh Tokens

Microsoft Threat Intelligence Security Tools

Info related to the Outflank training: Microsoft Office Offensive Tradecraft

Great explanation of Process Hollowing (a Technique often used in Malware)

Six Degrees of Domain Admin

SQL powered operating system instrumentation, monitoring, and analytics.

A repository of sysmon configuration modules

Cloud-native SIEM for intelligent security analytics for your entire enterprise.

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

Identifies the bytes that Microsoft Defender flags on.

Detect whether a service is installed (blindly) and/or running (if exposing named pipes) on a remote machine without using local admin privileges.

Main Rule Repository

Hunting queries and detections

Set of tools to analyze Windows sandboxes for exposed attack surface.

Re-play Security Events

🎞️ Converts an asciinema cast to an animated GIF.

🕳 godoh - A DNS-over-HTTPS C2

Example Windows Domain Controller

Packer is a tool for creating identical machine images for multiple platforms from a single source configuration.