A free, open-source forensics PowerShell module for conducting incident response and threat hunting of Microsoft Cloud environments. Hawk streamlines the collection of forensic data from Microsoft 365 and Entra ID environments to help security professionals, incident responders, and administrators quickly gather critical log data and id... More info

Microsoft 365 Incident Response and Threat Hunting PowerShell tool. Osprey is designed to ease the burden on M365 administrators who are performing Cloud forensic tasks for their organization. It accelerates the gathering of data from multiple sources in the service that be used to quickly identify malicious presence and activity.

A Microsoft 365 incident response and investigation powershell module with a focus on email phishing attacks. Redkite is designed to check ExchangeOnline for common indicators of compromised email accounts. The checks look at mailbox rules that are commonly put in place by malicious actors to obfuscate their activity. The data is provided in a CS... More info