A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging Kusto queries, PowerShell scripts, tools such as KAPE and THOR Cloud, and more.
Updated
Aug 10, 2025
Random PowerShell scripts
A collection of hands‑on labs demonstrating real-world threat hunting with Microsoft Defender for Endpoint (MDE)
A collection of Threat Hunting & Alert queries I've written for 365 Defender's 'Advanced Threat Hunting'
Public branch of Atea Ansible module, soon to be available from the Atea GitHub organization
End-to-end Azure security projects implementing VPN, Microsoft Defender, Conditional Access, and Zero Trust best practices.