Kamil Baczyk's repositories
100DaysOfIaC
100 Days of IaC in Azure
AADInternals
AADInternals PowerShell module for administering Azure AD and Office 365
ATTACKdatamap
A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework
azure-blob-storage-malware-scan
Sample code which allows scanning Azure blobs for malware
Azure-MG-Sub-Governance-Reporting
AzGovViz (Azure Governance Visualizer) is a PowerShell script that captures Azure Governance related information such as Azure Policy, RBAC (and a lot more) by polling Azure ARM and Microsoft Graph APIs. From the collected data AzGovViz provides visibility on your HierarchyMap, creates a TenantSummary, creates DefinitionInsights and builds granular ScopeInsights on Management Groups and Subscriptions.
Azure-Sentinel-Notebooks
Interactive Azure Sentinel Notebooks provide security insights and actions to investigate anomalies and hunt for malicious behaviors.
AzureRBAC
Docs and samples about privileged identity and access management in Azure
BadBlood
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is run on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
CloudAdoptionFramework
Code samples and extended documentation to support the guidance provided in the Microsoft Cloud Adoption Framework
CloudScraper
CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
cloudsploit
Cloud Security Posture Management (CSPM)
DockerSecurityPlayground
A Microservices-based framework for the study of Network Security and Penetration Test techniques
Exe-Spy
ExeSpy is a cross-platform PE viewer for EXE and DLL files
MDATP
Microsoft Defender Advanced Threat Protection - Resource Hub
microservices-demo
Deployment scripts & config for Sock Shop
msportals.io
Microsoft Administrator Sites
OSSEM
Open Source Security Events Metadata (OSSEM)
powerapps-tools
Unsupported PowerApps Tools & Apps
red_team_attack_lab
Red Team Attack Lab for TTP testing & research
ROADtools
The Azure AD exploration framework.
SecurityBenchmarks
Supplemental information and resources for the Security Benchmark documentation available at https://docs.microsoft.com/azure/security/benchmarks/.
sentinelascode
Enable the automatic deployment of Azure Sentinel using code
SentinelWorkbooks
Workbooks for Azure Sentinel
sigma
Generic Signature Format for SIEM Systems
spl-to-kql
The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially given projects requiring both technologies (Splunk and Azure/Sentinel) or any other hybrid environments. Feel free to add/suggest entries.
Stormspotter
Azure Red Team tool for graphing Azure and Azure Active Directory objects