PSMDE - PowerShell Defender for Endpoint Module

PSMDE is a PowerShell module providing interactive access to Device information, Advanced Hunting data and machine actions. ...

August 27, 2023 · 4 min · GD

Replace sensitive information before committing PowerShell scripts using Git Clean and Smudge Filters

The git filter option isn’t well documented, but it’s very useful for removing sensitive information you don’t want appearing in your public repo. This post provides an example of replacing the Azure TenantID and AppID with dummy values during the git commit process for a PowerShell script. ...

August 20, 2023 · 4 min · GD

Create a Hyper-V VM with a differencing disk using PowerShell

This post covers the following: an overview of the steps to create the parent virtual disk, and a script to automate creation of child VMs with a differencing disk. ...

August 13, 2023 · 2 min · GD

Bypassing Defender EDR using Windows Firewall - mitigations

Attackers can use Windows Firewall to block EDR telemetry leaving the endpoint. Read on for how this is mitigated. ...

May 31, 2023 · 3 min · GD

Access api.securitycenter.microsoft.com interactively with PowerShell

This post is an introduction to accessing the Defender Security Center API in PowerShell using interactive authentication. It is the basis for building tools and scripts to enhance day-to-day productivity that I’ll explore in future posts. ...

May 24, 2023 · 4 min · GD