Microsoft Threat Protection Advance Hunting Cheat Sheet

The purpose of this cheat sheet is to collect commonly used threat hunting queries for Microsoft Threat Protection. Microsoft Threat Protection includes a threat hunting capability called Advanced Hunting (AH). AH queries are written in Kusto Query Language (KQL), the query language used by Azure Data Explorer.
