Skip to content

@FalconForceTeam FalconForce

Change the repository type filter

All

    Repositories list

    12 repositories

    • FalconHound

      Public
      FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool.
      Go
      BSD 3-Clause "New" or "Revised" License
      4974311Updated Nov 28, 2024Nov 28, 2024

    • KQLAnalyzer

      Public
      REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.
      C#
      63100Updated Nov 25, 2024Nov 25, 2024

    • FalconFriday

      Public
      Hunting queries and detections
      sentinelhuntingblueteampurpleteamkqldefender-atpdefender-for-endpoint
      BSD 3-Clause "New" or "Revised" License
      8373510Updated Sep 10, 2024Sep 10, 2024

    • reply-url-brute

      Public
      Tool to enumerate unregistered reply URLs for single and multitenant apps in Azure
      Python
      BSD 3-Clause "New" or "Revised" License
      01000Updated Jul 23, 2024Jul 23, 2024

    • SOAPHound

      Public
      SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.
      C#
      GNU General Public License v3.0
      7069241Updated Feb 3, 2024Feb 3, 2024

    • AzureHoundAutoCollect

      Public
      Some plumbing to automate the collection of AzureHound
      Shell
      0300Updated Jul 24, 2023Jul 24, 2023

    • ParrotForce

      Public
      Azure playbook for automatic evidence collection
      automationazureresponse
      4700Updated Jul 3, 2023Jul 3, 2023

    • FalconForge

      Public
      This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deploying a repository of use-cases for the Sentinel and Microsoft 365 Defender products.
      Python
      81500Updated Mar 10, 2023Mar 10, 2023

    • SysWhispers2BOF

      Public
      Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs
      Python
      1711701Updated May 24, 2022May 24, 2022

    • ADExplorerSnapshot.py

      Public
      ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.
      Python
      122200Updated Apr 6, 2022Apr 6, 2022

    • Azure-Sentinel

      Public
      Cloud-native SIEM for intelligent security analytics for your entire enterprise.
      Jupyter Notebook
      MIT License
      3k800Updated Mar 11, 2022Mar 11, 2022

    • BOF2shellcode

      Public
      POC tool to convert CobaltStrike BOF files to raw shellcode
      C
      Other
      2717510Updated Nov 5, 2021Nov 5, 2021