🛡️ Security & Privacy Hardening Tool for Windows 11 25H2 — 630+ Settings, 7 Modules, BAVR Pattern.
Updated May 18, 2026 - PowerShell
ToggleGuardian: Windows Defender Close. | Also a minimalist PC manager: turn off Microsoft Defender Anti-Virus with one click.
Everything about Microsoft Cloud Security!
KQL queries for Microsoft Defender Advanced Hunting organized around the TTPs of the MITRE ATT&CK framework.
⛳️ PASS: Microsoft SC-900 (Microsoft Security, Compliance, and Identity Fundamentals) by learning based on our Questions & Answers (Q&A) Practice Tests Exams.
Advanced Interactive Security Workshop
PowerShell tool for streamlined Microsoft Defender Advanced Hunting query management with GitHub Copilot integration
Administrative Template (ADMX) for Microsoft Defender Attack Surface Reduction (ASR)
The self-hosted KQL query management platform for SOC teams
Cross-platform interactive shell for Microsoft Defender for Endpoint Live Response
Collection of scripts and importable settings for the Microsoft Suite aligned with my blog
KQL playbook for Microsoft Defender focused on real-world threat hunting, behavioral analysis, and investigation workflows.
AI-powered SOC analyst for Azure Sentinel threat hunting with GPT and VirusTotal integration.
A modular AI-powered CLI for Azure Sentinel threat hunting & remediation. Features strict guardrails, cost-aware routing, and automated SOAR workflows (VM isolation, rule creation).
Microsoft Defender XDR KQL detections for RedSun, BlueHammer, UnDefend, and CVE-2026-33825-related Defender abuse behaviors.
OpenAPI specification for Microsoft Defender for Endpoint API - AI-generated, optimized for Rewst automation platform
PowerShell-based Microsoft security investigation and defensive gap assessment framework focused on Microsoft XDR, Entra ID, KQL pivots, analyst workflow, and executive exposure reporting.
Automated Migration from 3rd party AV to Microsoft Defender AV
Deploy Microsoft Defender Endpoint for Linux with Ansible
A multi-tenant vulnerability management platform for Microsoft Defender.