| [Attack][AD] |
improsec.com Attack Trusted Domain |
| [Attack][AD] |
Orange-Cyberdefense/arsenal
Orange-Cyberdefense/arsenal Pentest AD Mindmap
Orange-Cyberdefense/arsenal Pentest Exchange Mindmap |
| [Attack][AD] |
ShutdownRepo/The-Hacker-Recipes |
| [Attack][AD] |
pentestlab.blog Introduction Golden Certificate |
| [Attack][AD] |
zer1t0.gitlab.io Attack AD |
| [Attack][AD] |
gtworek/Priv2Admin
PE scmanager |
| [Attack][AD] |
Tweet @4ndr3w6S NetSync Domain Controllers |
[Attack][AD]
[Attack][AD][Tool] |
www.wietzebeukema.nl Windows Command Line Obfuscation
wietze/windows-command-line-obfuscation |
| [Attack][AD][Tool] |
lkarlslund/ldapnomnom |
| [Attack][Azure] |
NetSPI/MicroBurst |
| [Attack][Azure] |
mandiant/Azure_Workshop
mandiant/Azure_Workshop Setup Video |
| [Attack][Azure] |
rootsecdev/Azure-Red-Team |
| [Attack][Azure] |
posts.specterops.io Abuse Azure Container Registry Tasks |
| [Attack][Azure] |
cloudbrothers.info Azure Dominance Paths |
| [Attack][Azure] |
misconfig.io Attack Azure Storage |
| [Attack][Entra ID] |
o365blog.com Faking Device Compliance |
| [Attack][Kubernetes][Tool] |
KubeHound |
| [Attack][Microsoft 365][Tool] |
nheiniger/SnaffPoint |
| [Attack][Tool] |
optiv/Freeze |
| [Attack][Tool] |
D1rkMtr/VirusTotalC2 |
| [Attack][Collection] |
swisskyrepo.github.io PayloadsAllTheThingsWeb |
| [Attack][Collection] |
Flangvik/SharpCollection |
| [Attack][Collection][Simulation] |
gtworek/psbits |
| [Attack][Collection] |
0x4143/malware-gems |
| [Attack][Defense][Collection] |
https://start.me/p/OmOrJb/threat-hunting |
| [Defense][AD] |
www.jpcert.or.jp Detecting Lateral Movement |
| [Defense][AD] |
@PyroTek3 Tweet AD Defense |
| [Defense][AD] |
@_wald0 Tweet AD Defense Kerberoasting |
| [Defense][AD] |
trimarcsecurity.com AD Security Review |
| [Defense][AD] |
@NathanMcNulty Tweet Code Integrity Guard |
| [Defense][AD] |
learn.microsoft.com Monitoring Active Directory for Signs of Compromise |
| [Defense][AD][RDP][Defender for Identity] |
Defend against RDP attempts |
| [Defense][Azure] |
microsoft.github.io/Azure-Threat-Research-Matrix |
| [Defense][Azure] |
inversecos.com Attack Matrix Microsoft 365 |
| [Defense][Azure] |
misconfig.io Azure Misconfiguration Risks |
| [Defense][Collection] |
mthcht/awesome-lists |
| [Defense][Detection] |
mitre-attack/car |
| [Defense][Detection] |
www.lares.com Lateral Movement |
| [Defense][Detection] |
OTRF/ThreatHunter-Playbook |
| [Defense][Detection] |
OTRF/Security-Datasets |
| [Defense][Detection] |
Azure/Cloud-Katana |
| [Defense][Detection] |
lots-project.com Legitimate domains used by attackers |
| [Defense][Detection] |
filesec.io File extensions used by attackers |
| [Defense][Detection][Collection] |
elastic/protections-artifacts |
| [Defense][DF][Entra ID][MFA] |
Tweet @malmoeb |
| [Defense][DF][Azure][Tool] |
darkquasar/AzureHunter |
| [Defense][DF][Defender for Endpoint] |
Tweet @SecurityAura |
| [Defense][DF][Email] |
digitalinvestigator.blogspot.com Email Forensic Analysis |
| [Defense][DF][File] |
zeltser.com Cheat Sheet Analysis malicious documents
zeltser.com Cheat Sheet Analysis malicious software |
| [Defense][DF][File][Tool] |
app.threat.zone/scan |
| [Defense][DF] |
misconfig.io Azure DFIR VM |
| [Defense][Entra ID] |
Cloud-Architekt/AzureAD-Attack-Defense |
| [Defense][Entra ID] |
jeffreyappel.nl Azure AD attacks |
| [Defense][Entra ID][Simulation] |
Azure/SimuLand |
| [Defense][Entra ID] |
AzureAD/AzureADAssessment |
| [Defense][Entra ID] |
mandiant/Mandiant-Azure-AD-Investigator |
| [Defense][Entra ID] |
@_wald0 Tweet Azure Tiered Administration |
| [Defense][IR][AD] |
www.pwndefend.com Post Compromise AD Checklist |
| [Defense][IR][AD] |
@Purp1eW0lf Tweet Incident Responde Cobalt Strike |
| [Defense][IR][Azure] |
misconfig.io Azure AD Incident Response life cycle |
| [Defense][IR][Entra ID] |
AzureAD/Azure-AD-Incident-Response-PowerShell-Module
reprise99/kql-for-dfir Guide |
| [Defense][Linux] |
Tweet @CraigHRowland Linux Defense
Tweet @CraigHRowland IP Address Obfuscation |
| [Defense][Phishing][Tool] |
emptydc.com Pink Thumb for normal users |
| [Defense][Simulation][Tool] |
clong/detectionlab |
| [Defense][Simulation][Tool] |
redcanaryco/atomic-red-team |
| [Defense][Tool] |
pwnedkeys.com Search Compromised Keys |
| [Defense][Tool] |
danielbohannon/Revoke-Obfuscation |
| [Defense][Tool] |
olafhartong/sysmon-modular |
| [Defense][Tool] |
canarytokens.org Sensitive CMD token |
| [Defense][Tool] |
log2timeline/plaso |
| [OSINT][Collection] |
cipher387/osint_stuff_tool_collection |
| [OSINT][Collection] |
Tweet @danielmakelley Links OSINT |
| [OSINT][Collection] |
https://start.me/p/rxekAP/osint-research |
| [AD] |
learn.microsoft.com AD Schema
learn.microsoft.com AD Schema Extended Rights
learn.microsoft.com Control Access Rights
learn.microsoft.com Best Practices for Securing AD |
| [AD] |
renenyffenegger.ch Brief notes about SID |
| [AD] |
selfadsi.org
selfadsi.org AD Security Descriptors |
| [AD] |
system32.eventsentry.com Lookup Windows Event IDs |
| [AD] |
ultimatewindowssecurity.com Lookup Windows Event IDs |
| [AD] |
mdecrevoisier/Microsoft-eventlog-mindmap |
| [AD][Authentication] |
www.tarlogic.com Introduction Kerberos Delegation |
| [AD][Authentication] |
Collection of posts about Windows Authentication
The Importance of Elevating Privilege
learn.microsoft.com Azure AD Seamless Single Sign-On |
| [AD][LDAP] |
Tweet @simondotsh LDAP Query nested groups |
| [AD][RDP] |
frsecure.com RDP Event IDs |
| [Azure] |
azurecharts.com Azure Availability |
| [Containers] |
Tweet @iximiuz Containers explanation |
| [Entra ID] |
cloudbrothers.info Conditional Access authentication strengh |
| [Entra ID] |
microsoft/ConditionalAccessforZeroTrustResources |
| [Entra ID] |
Password Reset Role Matrix |
| [Entra ID][Authentication] |
LookUp Microsoft SignInLogs Error Codes (ResultType)
acalarch/azure-signinlog-results |
| [Entra ID][Authentication] |
Tweet @reprise_99 Entra ID Tokens |
| [Entra ID][Device] |
@NathanMcNulty Tweet Azure Device Cleanup |
| [Entra ID][Permission] |
graphpermissions.merill.net Microsoft Graph Permission Explorer
(Old permissions may appear if written in the URI) |
| [Entra ID][Permission] |
MicrosoftDocs/memdocs Intune Graph API |
| [Entra ID][Permission] |
microsoftgraph/microsoft-graph-devx-content |
| [Entra ID][Permission] |
easimon/azure-builtin-roles |
| [Entra ID][Permission] |
Cloud-Architekt/AzurePrivilegedIAM |
| [Entra ID][Tool] |
Gerenios/AADInternals |
| [Entra ID][Tool] |
jsa2/caOptics Conditional Access analyzer |
| [Entra ID][Tool] |
aadinternals.com/osint/ Azure AD tenant information |
| [Entra ID][Tool] |
JulianHayward/AzADServicePrincipalInsights |
| [Entra ID][Tool] |
dirkjanm/ROADtools |
| [Entra ID][Tool] |
@merill idPowerToys |
| [Microsoft][Collection] |
msportals.io Microsoft Portals |
| [Microsoft 365][Tool] |
Microsoft 365 Configuration as Code |
| [Microsoft 365][Tool] |
msshells.net Partial list of PowerShell modules for Microsoft 365 and Azure |
| [Microsoft Security] |
learn.microsoft.com Microsoft Cybersecurity Reference Architectures |
| [Microsoft Security] |
Microsoft Zero Trust Workshop |
| [Microsoft Security][Collection] |
https://mattsoseman.wordpress.com Microsoft Security News |
| [Blog][Attack] |
mrd0x.com |
| [Blog][Attack][AD] |
hackndo.com |
| [Blog][Defense] |
inversecos.com |
| [Blog][Defense] |
misconfig.io |
| [Blog][AD] |
adsecurity.org |
| [Blog][AD][Entra ID][Authentication] |
Microsoft Developer Steve Syfuhs |
| [Blog][Microsoft 365] |
office365itpros.com |
| [Blog][Microsoft Security] |
o365blog.com
aadinternals.com |
| [Blog][Microsoft Security] |
azurecloudai.blog |
| [Blog][Microsoft Security] |
m365internals.com |
| [Blog][Microsoft Security] |
cloudbrothers.info |
| [Tool] |
ciphey/ciphey |
| [Tool] |
bee-san/pyWhat |
| [Tool] |
HashPals/Search-That-Hash |
