A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).

Security tools for purple team, AI security, and M365/GWS. Authorized use only.

The purpose of this repository is to share KQL queries to help identify security misconfigurations, hunt for specific patterns, or detect malicious behavior

Everything about Microsoft Cloud Security!

A PowerShell script to audit privileged users in Microsoft Entra ID and Azure with detailed reporting

An automation framework for deploying Microsoft Sentinel environments using pipelines. This project combines infrastructure-as-code (Bicep) with PowerShell automation to streamline the deployment of Sentinel solutions, analytics rules, and workbooks.

All about Microsoft 365 Enterprise Mobility + Security (EMS)

⛳️ PASS: Microsoft SC-900 (Microsoft Security, Compliance, and Identity Fundamentals) by learning based on our Questions & Answers (Q&A) Practice Tests Exams.

A set of Power Automate flows that fetch the latest Microsoft Security News from various sources directly into your Teams chat or channels.

All you need to prepare for the Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900) exam!

🪟🍭🖥️ A concise summary of Microsoft's products includes Azure, .NET, M365, Power Platform, Security, DevOps, Viva, and GitHub. The curricula are based on the Build 2023 challenge.

AD April ’26 Check0r is a read-only PowerShell tool to assess on-prem AD for the April 2026 Kerberos RC4→AES change. It inventories SPN accounts, flags risky msDS-SupportedEncryptionTypes/KDC overrides, and collects DC System readiness events (201–209) to predict breakage and guide fixes.

Autonomous AI Red Teaming laboratory validating the Microsoft AI Red Team Taxonomy using the PyRIT framework. Focused on Agentic AI security and strategic conversational persistence.

MCADDF - A holistic operational framework bridging the gap between on-prem Active Directory and Cloud-native (Entra ID/Azure) security. This repository provides a structured library of verified attack vectors and detection logic, organized via the SERVTEP ID system and mapped to the current MITRE ATT&CK landscape. Curated by Pchelnikau Artur.

KQL-Queries 🐙 provides ready KQL scripts for Microsoft Defender XDR threat hunting, helping security teams detect, investigate, and respond to threats.

✨ A linting tool for working with Microsoft Sentinel & Defender Advanced Hunting KQL

Welcome to my comprehensive cybersecurity documentation repository! This living knowledge base contains hands-on learning notes, practical tutorials, and reproducible lab playbooks covering modern cybersecurity domains.

kql and indicators-of-compromise sharing repository

🔧 Practice managing Microsoft 365, Entra ID, and Exchange with hands-on exercises in identity, access, and security to enhance your admin skills.