Michalis Michalos's repositories
KQL-threat-hunting-queries
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
MDE-DFIR-Resources
A curated list of resources for DFIR through Microsoft Defender for Endpoint, leveraging Kusto queries, PowerShell scripts, tools such as KAPE and THOR Cloud, and more.
Hunting-Lists
A repository of curated lists with elements such as IoCs to use for threat hunting & detection queries.
DFIR-Notes
Cheat sheet on memory forensics using various tools such as Volatility.
Hunting-Queries-Detection-Rules
KQL queries. Defender for Endpoint and Azure Sentinel hunting and detection queries in KQL. Out-of-the-box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
bsidesath2021
References used to prepare and deliver presentation "Cyber resilience: Awareness is not enough" at Security BSides Athens 2021.
Open-Source-Threat-Intel-Feeds
This repository contains open-source, freely usable threat intel feeds that can be used without additional requirements. It contains multiple indicator types such as IP, URL, CVE and hash.
presentations
A repository for notes and references of presentations.