Fabian Bader's starred repositories
awesome-incident-response
A curated list of tools for incident response
usbipd-win
Windows software for sharing locally connected USB devices to other machines, including Hyper-V guests and WSL 2.
timesketch
Collaborative forensic timeline analysis
ascii-image-converter
A cross-platform command-line tool to convert images into ASCII art and print them on the console. Now supports braille art!
EDRSilencer
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
ADACLScanner
Repo for ADACLScan.ps1 - Your number one script for ACLs in Active Directory
GraphStrike
Cobalt Strike HTTPS beaconing over Microsoft Graph API
Incident-Response-Powershell
PowerShell Digital Forensics & Incident Response Scripts.
powershell-yaml
PowerShell CmdLets for YAML format manipulation
XLL_Phishing
XLL Phishing Tradecraft
passkey-authenticator-aaguids
This repo contains a community-sourced list of AAGUIDs for passkey authenticators to help with naming in end-user management UIs
AntimalwareBlight
Execute PowerShell code at the antimalware-light protection level.
DefenderATPQueries
Hunting Queries for Defender ATP
AzureADJoinedMachinePTC
Tool to perform lateral movement between AAD joined devices
Tier0-User-Management
Maintain Tier 0 users. This script takes care that all Tier 0 users are in the correct OU or in the default user container and adds the Kerberos Authentication policy to the user
AzureAiTMFunction
Azure AiTM Function PoC to phish Entra ID Credentials
intune-change-tracking
Track changes to Microsoft Intune via git and RSS
lilo-pulse-secure-decrypt
LILO based Pulse Secure appliance disk image decryptor
PSMSGraphBatchRequest
This module assists with the creation of batch requests for Microsoft Graph by converting PSObjects to JSON with proper schema validation