Enterprise-Grade Security & Privacy Hardening Tool for Windows 11 25H2

ToggleGuardian: Windows Defender Close. | 亦极简的电脑管家，一键关闭 Microsoft Defender Anti-Virus。

Everything about Microsoft Cloud Security!

Advanced Interactive Security Workshop

⛳️ PASS: Microsoft SC-900 (Microsoft Security, Compliance, and Identity Fundamentals) by learning based on our Questions & Answers (Q&A) Practice Tests Exams.

KQL queries for Microsoft Defender Advanced Hunting organized around the TTPs of the MITRE ATT&CK framework.

PowerShell tool for streamlined Microsoft Defender Advanced Hunting query management with GitHub Copilot integration

Administrative Template (ADMX) for Microsoft Defender Attack Surface Reduction (ASR)

Collection of scripts and importable settings for the Microsoft Suite aligned with my blog

Cross-platform interactive shell for Microsoft Defender for Endpoint Live Response

AI-powered SOC analyst for Azure Sentinel threat hunting with GPT and VirusTotal integration.

KQL playbook for Microsoft Defender focused on real-world threat hunting, behavioral analysis, and investigation workflows.

OpenAPI specification for Microsoft Defender for Endpoint API - AI-generated, optimized for Rewst automation platform

A modular AI-powered CLI for Azure Sentinel threat hunting & remediation. Features strict guardrails, cost-aware routing, and automated SOAR workflows (VM isolation, rule creation).

Automated Migration from 3rd party AV to Microsoft Defender AV

Deploy Microsoft Defender Endpoint for Linux with Ansible

Microsoft Defender XDR KQL detections for RedSun, BlueHammer, UnDefend, and CVE-2026-33825-related Defender abuse behaviors.

DeviceControlPolicy is a macOS SwiftUI app for creating and editing Microsoft Defender for Endpoint device control policies. It provides a document-based, form-driven UI for building policy JSON and validating it against the Microsoft schema.

Setting Up Wazuh SIEM/XDR Homelab and Integration of Microsoft Defender into it.

Microsoft related PowerShell scripts and KQL queries