Anything About IT

Learning, Building, Sharing

Projects

Here you can find a selection of the projects I have worked on over the years.

Defender Resource Hub

Defender Resource Hub is a handcrafted collection of Microsoft Security resources, bringing together documentation, learning content, community blogs, Tech Community updates, GitHub repositories, podcasts, videos, books, and social media links around Microsoft Defender, Entra ID, Sentinel, and the wider Microsoft Security stack.

KQL Sentinel & Defender queries

A curated GitHub repository with practical KQL hunting queries, detection rules, and visualizations for Microsoft Security products, helping defenders improve detection coverage across Defender XDR, Defender for Endpoint, Defender for Identity, Entra ID, Sentinel, Exposure Management, and MITRE ATT&CK mapped scenarios.

Microsoft Edge Scareware Blocker

A safe, local demo page that simulates common scareware and tech-support scam tactics, such as fake alerts, countdown pressure, fullscreen prompts, and browser friction, to help defenders test Microsoft Edge Scareware Blocker and train users without using real malware or collecting data.

Microsoft Defender Threat Intelligence Toolkit

A community PowerShell toolkit for managing Microsoft Sentinel Threat Intelligence.

KustoVars

A Kusto (KQL) variable generator.

Defender-for-Cloud-Apps - Toolbox

A collection of PowerShell functions designed to simplify and automate the management of Microsoft Cloud App Security (MCAS).

PowerShell Module for Microsoft SOC Optimization API

Sentinel TI Upload Toolkit

The Sentinel TI Upload Toolkit contains a number of PowerShell functions and scripts to import Threat Intelligence IOCs into Microsoft Sentinel using the upload indicators API. For more details, see the Microsoft documentation "Reference the upload indicators API (Preview) to import threat intelligence to Microsoft Sentinel".

Intune Custom Compliance Policies

This repository contains detection/discovery scripts and JSON files for Microsoft Intune custom compliance scripts and policies. Each custom compliance contains the following artifacts.

Microsoft Defender for Endpoint PowerShell Module (Archived)

This module is a collection of easy-to-use cmdlets and functions designed to make it easy to interface with the Microsoft Defender for Endpoint API.