Fabian Bader's repositories
TokenTacticsV2
A fork of the great TokenTactics with support for CAE and token endpoint v2
SentinelARConverter
Sentinel Analytics Rule converter PowerShell module
AzSentinelQueries
Repository with Sentinel Analytics Rules and Hunting Queries
SentinelPesterFramework
Check your Sentinel environment using Pester infrastructure tests
EntraIDAuditLogToMicrosoftGraph
A list of Entra ID (Azure AD) Audit event names and the corresponding Microsoft Graph Request Uri
EntraID-ErrorCodes
Entra ID (Azure AD) error codes as JSON
Azure-Sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
PurpleElbeSecurityUserGroup
Purple Elbe Security User Group
CloudArchitektAzureSentinel
Sharing my KQL queries for Azure Sentinel
KQLAnalyzer
REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.
MDE-AuditCheck
MDE relies on some of the Audit settings to be enabled
MDTI-Solutions
Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product
validate-detections
GitHub action for validating Microsoft Sentinel detection rules
AADInternals
AADInternals PowerShell module for administering Azure AD and Office 365
DefenderHarvester
Expose a lot of MDE telemetry that is not easily accessible in any searchable form
deviceCode2WinHello
A small script that automates Entra ID persistence with Windows Hello For Business key
FalconHound
FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool.
MDEASM-Solutions
Solutions developed by the MDEASM Customer Experience Engineering (CxE) Go-To Production (GTP) team for Azure MDEASM
microsoft-365-docs
This repo is used to host the source for the Microsoft 365 documentation on https://docs.microsoft.com.
microsoft-info
Repository hosting a list of Microsoft First party apps
TokenTactics
Azure JWT Token Manipulation Toolset