SV1's starred repositories
TotalRecall
This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.
hackingthe.cloud
An encyclopedia for offensive and defensive security knowledge in cloud native technologies.
Hunting-Queries-Detection-Rules
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out-of-the-box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
awesome-detection-engineering
Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.
FalconFriday
Hunting queries and detections
KQL-threat-hunting-queries
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
PassTheCert
Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel
Blacksmith
Building environments to replicate small networks and deploy applications
AtlasReaper
A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.
AD-Canaries
The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory Canary objects.
gssapi-abuse
A tool for enumerating potential hosts that are open to GSSAPI abuse within Active Directory networks
SharpTokenFinder
C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps
AutoAppDomainHijack
Automated .NET AppDomain hijack payload generation
azure-nuke
Remove all resources from an Azure Tenant and its Subscriptions.
MsGraphFunzy
Scripts to interact with Microsoft Graph APIs
KQLAnalyzer
REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.
Elasticsearch_rules
Elastic version of SOC prime watcher rules
Presentations
Presentations from Conferences
import-custom-bloodhound-queries
Import custom queries into BloodHound CE from a legacy BloodHound JSON file.
ludus_bloodhound_ce
An Ansible Role that installs BloodHound CE on a Debian-based system.
PetitSpoofer
From SeImpersonatePrivilege to SYSTEM.