Starred repositories
💾 Patches to add save state support to Game Boy games when playing on the original hardware
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).
Table of AD and Azure assets and whether they belong to Tier Zero
PowerShell module to import/export Excel spreadsheets, without Excel
Report of M365 3rd party EWS applications using accounts that have the ApplicationImpersonation RBAC role assigned
A tool that uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone is created, it utilizes MINIDUMP_CALLBACK_INFORMATION callb…
Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commercial versions available from NetSection)
Automatic Microsoft 365 Documentation to simplify the life of admins and consultants.
NukeAMSI is a powerful tool designed to neutralize the Antimalware Scan Interface (AMSI) in Windows environments.
Azure Managed Identity Permissions Tool, a new PowerShell tool that simplifies and streamlines the management of Managed Identity permissions in Azure (Entra ID)
ADXFlowmaster helps SecOps teams Threat Hunt suspicious network traffic inside & outside of Azure.
Nuke It From Orbit - remove AV/EDR with physical access
PowerShell Module for checking SPF, DKIM and DMARC records.
Identify the attack paths in BloodHound breaking your AD tiering
This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.
RFC (Request for Comments) documents for community feedback on design changes and improvements to PowerShell ecosystem
👻 PwshSpectreConsole is a PowerShell wrapper for the awesome Spectre.Console library
🛡 KB Viewer, Saver, Installer and Uninstaller
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Extract credentials from lsass remotely
A minimalist, responsive hugo theme inspired by terminal ricing aesthetics.
Exchange privilege escalations to Active Directory
The IntuneBulkMaster provides a set of functions for managing and interacting with Microsoft Intune. It is designed to perform bulk operations on Intune-managed devices, such as rebooting, collecti…
Microsoft Defender for Endpoint Device Control tools, samples, and resources.