cato's starred repositories
Microsoft-Defender-for-Cloud
Welcome to the Microsoft Defender for Cloud community repository
Microsoft-365-Defender-Hunting-Queries
Sample queries for Advanced hunting in Microsoft 365 Defender
Microsoft365DSC
Manages, configures, extracts and monitors Microsoft 365 tenant configurations
unifios-utilities
A collection of enhancements for UnifiOS based devices
cyberchef-recipes
A list of cyber-chef recipes and curated links
awesome-red-teaming
List of red team resources
Red-Teaming-Toolkit
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Starkiller
Starkiller is a Frontend for PowerShell Empire.
winget-cli
WinGet is the Windows Package Manager. This project includes a CLI (Command Line Interface), PowerShell modules, and a COM (Component Object Model) API (Application Programming Interface).
Hunting-Queries-Detection-Rules
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
FalconFriday
Hunting queries and detections
MustLearnKQL
Code included as part of the MustLearnKQL blog series
Sentinel-Queries
Collection of KQL queries
SOC-OpenSource
This is a project designed for security analysts and all SOC audiences who want to experiment with implementation and explore the modern SOC architecture.
powershell-intune-samples
This repository of PowerShell sample scripts shows how to access Intune service resources. The scripts demonstrate this by making HTTPS RESTful API requests to the Microsoft Graph API from PowerShell.
DFIR-Reference-Frameworks
Repository of public reference frameworks for the DFIR community.
awesome-incident-response
A curated list of tools for incident response
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
Azure-Sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.