[PR #217] [CLOSED] Add m365-security-operations to Other Useful Repositories #3198

Closed
opened 2026-07-13 22:25:21 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/Hack-with-Github/Awesome-Hacking/pull/217
Author: @ibondarenko1
Created: 5/24/2026
Status: Closed

Base: masterHead: add-m365-security-operations


📝 Commits (1)

  • 76ddf96 Add m365-security-operations to Other Useful Repositories

📊 Changes

1 file changed (+1 additions, -0 deletions)

View changed files

📝 README.md (+1 -0)

📄 Description

What

Adding m365-security-operations under Other Useful Repositories, placed alphabetically between Machine Learning for Cyber Security and Payloads.

Why it fits this list

m365-security-operations is an open source audit-and-remediate toolkit for Microsoft 365 plus Cloudflare. While the Awesome Repositories section above is reserved for awesome-list-of-lists style entries, the Other Useful Repositories section already includes reference toolkits and frameworks like DetectionLab, PayloadsAllTheThings, GTFOBins, and Vulhub. m365-security-operations fits this category as a working detection-engineering and audit toolkit.

Components:

  • 5 MITRE ATT&CK-mapped Microsoft Sentinel Scheduled Analytics Rule ARM templates (Persistence T1098, Impact T1485, Discovery T1087, Privilege Escalation T1098, Defense Evasion T1562)
  • 10 KQL hunting drill templates for Microsoft Defender XDR Advanced Hunting and Microsoft Sentinel
  • 6 Conditional Access policy baselines ready for Microsoft Graph PUT
  • DNS and email authentication audit modules (DKIM, SPF, DMARC, MTA-STS, TLS-RPT)
  • Exchange Online PowerShell remediation scripts

Why useful for hackers, pentesters, and security researchers

  • Red teamers and pentesters can use the audit modules to identify M365 misconfigurations during cloud engagement reconnaissance
  • Blue teamers and detection engineers can deploy the Sentinel ARM templates and KQL drills directly into their workspace
  • Security researchers can use the schema-first design (SCHEMA.md) as a reference for structured-finding tooling
  • Mock mode (`examples/run-mock.ps1`) produces a sample run in 30 seconds without any Azure access

License

MIT.

Quality bar

  • v1.0 release (May 2026)
  • Pester test suite passing on Windows + Linux + Mac CI matrix
  • 6 Architecture Decision Records documenting design choices
  • 5 walkthroughs covering end-to-end deployment of each remediation artifact

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/Hack-with-Github/Awesome-Hacking/pull/217 **Author:** [@ibondarenko1](https://github.com/ibondarenko1) **Created:** 5/24/2026 **Status:** ❌ Closed **Base:** `master` ← **Head:** `add-m365-security-operations` --- ### 📝 Commits (1) - [`76ddf96`](https://github.com/Hack-with-Github/Awesome-Hacking/commit/76ddf962428be82855830fca67d24936edee6eca) Add m365-security-operations to Other Useful Repositories ### 📊 Changes **1 file changed** (+1 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `README.md` (+1 -0) </details> ### 📄 Description ## What Adding [m365-security-operations](https://github.com/ibondarenko1/m365-security-operations) under **Other Useful Repositories**, placed alphabetically between Machine Learning for Cyber Security and Payloads. ## Why it fits this list m365-security-operations is an open source audit-and-remediate toolkit for Microsoft 365 plus Cloudflare. While the Awesome Repositories section above is reserved for awesome-list-of-lists style entries, the Other Useful Repositories section already includes reference toolkits and frameworks like DetectionLab, PayloadsAllTheThings, GTFOBins, and Vulhub. m365-security-operations fits this category as a working detection-engineering and audit toolkit. Components: - **5 MITRE ATT&CK-mapped Microsoft Sentinel Scheduled Analytics Rule ARM templates** (Persistence T1098, Impact T1485, Discovery T1087, Privilege Escalation T1098, Defense Evasion T1562) - **10 KQL hunting drill templates** for Microsoft Defender XDR Advanced Hunting and Microsoft Sentinel - **6 Conditional Access policy baselines** ready for Microsoft Graph PUT - **DNS and email authentication audit modules** (DKIM, SPF, DMARC, MTA-STS, TLS-RPT) - **Exchange Online PowerShell remediation scripts** ## Why useful for hackers, pentesters, and security researchers - Red teamers and pentesters can use the audit modules to identify M365 misconfigurations during cloud engagement reconnaissance - Blue teamers and detection engineers can deploy the Sentinel ARM templates and KQL drills directly into their workspace - Security researchers can use the schema-first design (SCHEMA.md) as a reference for structured-finding tooling - Mock mode (\`examples/run-mock.ps1\`) produces a sample run in 30 seconds without any Azure access ## License MIT. ## Quality bar - v1.0 release (May 2026) - Pester test suite passing on Windows + Linux + Mac CI matrix - 6 Architecture Decision Records documenting design choices - 5 walkthroughs covering end-to-end deployment of each remediation artifact --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-07-13 22:25:21 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/Awesome-Hacking#3198