A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.
Updated Aug 10, 2025
Random PowerShell scripts
A collection of Threat Hunting & Alert queries I've written for 365 Defender's 'Advanced Threat Hunting'
A collection of hands-on labs demonstrating real-world threat hunting with Microsoft Defender for Endpoint (MDE)
Find potential local privilege escalation on Windows with KQL
Public branch of Atea Ansible module, soon to be available from the Atea GitHub organization
End-to-end Azure security projects implementing VPN, Microsoft Defender, Conditional Access, and Zero Trust best practices.