FalconForce's repositories
FalconHound
FalconHound is a blue-team multi-tool. It lets you use and extend BloodHound in a more automated way, and is designed to be used in conjunction with a SIEM or other log aggregation tool.
FalconFriday
Hunting queries and detections
BOF2shellcode
POC tool to convert Cobalt Strike BOF files to raw shellcode
SysWhispers2BOF
Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs
KQLAnalyzer
REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.
FalconForge
FalconForce uses this repository to release parts of the internal tooling it uses to maintain, validate and automatically deploy a repository of use cases for the Sentinel and Microsoft 365 Defender products.
Azure-Sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
ParrotForce
Azure playbook for automatic evidence collection
ADExplorerSnapshot.py
ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.
AzureHoundAutoCollect
Some plumbing to automate the collection of AzureHound