- Germany
- https://lethal-forensics.com
- @evild3ad79
- in/martin-willing-86343565
Stars
A PowerShell GUI tool for efficiently managing and offboarding devices from Microsoft Intune, Autopilot, and Entra ID, featuring bulk operations and real-time analytics for streamlined device lifec…
Elastic Security detection content for Endpoint
Azure Managed Identity Permissions Tool, a new PowerShell tool that simplifies and streamlines the management of Managed Identity permissions in Azure (Entra ID)
Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or even inspiration).
Invictus Threat Intelligence: IOCs and TTPs from blogs, research and more
UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of U…
A Gutenberg code block with syntax highlighting powered by VS Code
PSDuckDB is a PowerShell module that provides seamless integration with DuckDB, enabling efficient execution of analytical SQL queries directly from the PowerShell environment.
Repository hosting a static list of Microsoft first-party apps and Graph permissions that's updated daily
Control the power of Ulanzi TC001 Smart Pixel clock and similar self-built matrix clocks with PowerShell
When good OAuth apps go rogue. Documents observed OAuth application tradecraft
Repository for the Microsoft Identity Tools PowerShell module which provides various tools for performing enhanced Identity administration activities.
PowerShell module to import/export Excel spreadsheets, without Excel
MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
Visually explore all running tasks (processes), viewing their signature status, loaded dylibs, open files, network connections, and much more.
WhatsYourSign adds a menu item to Finder.app. Simply right-, or control-click on any file to display its cryptographic signing information!
Official Command Line Interface for the IPinfo API (IP geolocation and other types of IP data)
stuartjash / aftermath
Forked from jamf/aftermath
Aftermath is a free macOS incident response framework
PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.
A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
Windows Cyber Security Incident Response Script