Bob Uithoven's starred repositories
Awesome-KQL
Config files for my GitHub profile.
KustQueryLanguage_kql
Cyber-defence-related Kusto queries for use in Azure Sentinel and Defender advanced hunting
KQL-threat-hunting-queries
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
AdvancedHuntingQueries
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant
Threat-Hunting-and-Detection
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).
DefenderXDR-AdvancedHunting
Defender XDR Advanced Hunting Queries (MDE, MDAV, Device Discovery)
SentinelAutomationModules
The Microsoft Sentinel Triage AssistanT (STAT) makes it easy to create incident triage automation in Microsoft Sentinel
Getting-into-InfoSec-and-Cybersecurity
A shorter, less intimidating list of infosec resources helpful for anyone trying to learn.
TokenUniverse
An advanced tool for working with access tokens and Windows security policy.
M365ZeroTrust
Mindmaps for M365 Zero Trust
KQL-for-Everything
KQL example queries for working in Azure
Windows-authentication-brutforce-cheatsheet
Assists analysts and threat hunters in understanding Windows authentication logs and analyzing brute-force scenarios.
Microsoft-eventlog-mindmap
Set of mindmaps providing a detailed overview of the different #Microsoft auditing capabilities for Windows, Exchange, Azure,...
ADExplorerSnapshot.py
ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.
azure-sentinel-tools
A collection of scripts and works related to Azure Sentinel
Invoke-WCMDump
PowerShell Script to Dump Windows Credentials from the Credential Manager
Invoke-BSOD
For when you want a computer to be done - without admin!
MicroBurst
A collection of scripts for assessing Microsoft Azure security
MicrosoftSentinel-ShodanMonitor
Ingesting Shodan Monitor Alerts to Microsoft Sentinel
AzureSentinelMisc
Miscellaneous Azure Sentinel files that don't fall into other categories.
AzurePrivilegedIAM
Docs and samples for privileged identity and access management in Microsoft Azure and Microsoft Entra.
Live-Forensicator
A suite of tools to aid Incident Response and Live Forensics for Windows (PowerShell) | Linux (Bash) | macOS (Shell)