Enterprise-Grade Security & Privacy Hardening Tool for Windows 11 25H2

ToggleGuardian: Windows Defender Close. | 亦极简的电脑管家，一键关闭 Microsoft Defender Anti-Virus。

Everything about Microsoft Cloud Security!

KQL queries for Microsoft Defender Advanced Hunting organized around the TTPs of the MITRE ATT&CK framework.

Advanced Interactive Security Workshop

⛳️ PASS: Microsoft SC-900 (Microsoft Security, Compliance, and Identity Fundamentals) by learning based on our Questions & Answers (Q&A) Practice Tests Exams.

PowerShell tool for streamlined Microsoft Defender Advanced Hunting query management with GitHub Copilot integration

Administrative Template (ADMX) for Microsoft Defender Attack Surface Reduction (ASR)

Cross-platform interactive shell for Microsoft Defender for Endpoint Live Response

Collection of scripts and importable settings for the Microsoft Suite aligned with my blog

AI-powered SOC analyst for Azure Sentinel threat hunting with GPT and VirusTotal integration.

KQL playbook for Microsoft Defender focused on real-world threat hunting, behavioral analysis, and investigation workflows.

OpenAPI specification for Microsoft Defender for Endpoint API - AI-generated, optimized for Rewst automation platform

A modular AI-powered CLI for Azure Sentinel threat hunting & remediation. Features strict guardrails, cost-aware routing, and automated SOAR workflows (VM isolation, rule creation).

Automated Migration from 3rd party AV to Microsoft Defender AV

Deploy Microsoft Defender Endpoint for Linux with Ansible

A multi-tenant vulnerability management platform for Microsoft Defender.

Microsoft Defender XDR KQL detections for RedSun, BlueHammer, UnDefend, and CVE-2026-33825-related Defender abuse behaviors.

DeviceControlPolicy is a macOS SwiftUI app for creating and editing Microsoft Defender for Endpoint device control policies. It provides a document-based, form-driven UI for building policy JSON and validating it against the Microsoft schema.

Microsoft related PowerShell scripts and KQL queries