Tony's starred repositories
SansTerminalIndexer
Easily create index of your SANS books
Aurora-Incident-Response
Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
Business-Email-Compromise-Guide
The Business Email Compromise Guide sets out to describe 10 steps for performing a Business Email Compromise (BEC) investigation in an Office 365 environment. Each step is intended to guide the process of identifying, collecting and analysing activity associated with BEC intrusions.
Office-365-Extractor
The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)
DFIR-O365RC
PowerShell module for Office 365 and Azure log collection
sysmon-config
Sysmon configuration file template with default high-quality event tracing
Microsoft-365-Defender-Hunting-Queries
Sample queries for Advanced hunting in Microsoft 365 Defender
sansfor509
Public script from SANS FOR509 Enterprise Cloud Incident Response
practical-nlp-code
Official Repository for Code associated with 'Practical Natural Language Processing' book by O'Reilly Media
conti-leaks-englished
Google- and DeepL-translated Conti leaks, which were shared by a member of the Conti ransomware group.
ThreatHunter-Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.