Microsoft

Automates user and group lifecycle management across Active Directory and Entra ID

Identity threat detection and response solution for Active Directory

A proof-of-concept Node.js tool that demonstrates automated MFA bypass techniques for Microsoft Outlook accounts using browser automation.

ScubaGear is a PowerShell-based assessment tool that evaluates Microsoft 365 tenant configurations against CISA security baselines using Open Policy Agent and generates compliance reports.

A cybersecurity blog from Microsoft, featuring articles and guides on various security topics, including AI, threat intelligence, cloud security, and incident response.

OneFuzz is a self-hosted Fuzzing-As-A-Service platform developed by Microsoft that enables continuous developer-driven security testing through automated fuzzing capabilities.

A Microsoft framework for secure and efficient sharing of cybersecurity information between trusted parties to reduce cybersecurity risks.

A Windows security hardening tool that disables potentially dangerous features in Windows 10/11 and common applications to reduce attack surface for individual users.

Weaponize Word documents with PowerShell Empire using the Microsoft DDE exploit.

Automated and flexible approach for deploying Windows 10 with security standards set by the DoD.

Microsoft BitLocker is a Windows-integrated full volume encryption solution that protects data on devices through disk-level encryption with enterprise deployment and management capabilities.

A Microsoft Word template library for implementing industrial information security management systems with documentation for policy, risk management, business continuity, and incident handling.

MSBuildAPICaller is an offensive security tool that enables interaction with the MSBuild API to execute arbitrary scripts for red teaming and penetration testing purposes.

Connect and learn from experts and peers in the Microsoft Community Hub.

A comprehensive SQL injection cheat sheet covering various database management systems and techniques.

A library for accessing and parsing OLE 2 Compound File (OLECF) format files, including Microsoft Office documents and thumbs.db files.

A week-long series of articles and talks on evading Microsoft Advanced Threat Analytics (ATA) detection

Compares target's patch levels against Microsoft vulnerability database and detects missing patches.

EvilClippy is a cross-platform tool that creates malicious MS Office documents with hidden VBA macros and evasion techniques for penetration testing and red team operations.

A script that validates Group Policy Object audit settings required for proper Microsoft Defender for Endpoint functionality.

A library for accessing and parsing Extensible Storage Engine (ESE) Database Files used by Microsoft applications like Windows Search, Exchange, and Active Directory for forensic analysis purposes.

A comprehensive collection of SQL injection syntax references and payloads for testing various database management systems during penetration testing and security assessments.