# Awesome Purple Teaming

# Random

- https://github.com/davidprowe/BadBlood
- [Azure Sentinel – Cloud-native SIEM Solution | Microsoft Azure](https://azure.microsoft.com/en-us/products/microsoft-sentinel/)
- [Log Analytics tutorial - Azure Monitor | Microsoft Learn](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-tutorial)
- Linux Commands
  - cat, cut, sed, awk
- https://github.com/arch4ngel/bl-bfg
- https://github.com/arch4ngel/BruteLoops
- [Viscosity - OpenVPN Client for Mac and Windows](https://www.sparklabs.com/viscosity/)
- [GlassWire - Personal Firewall & Network Monitor](https://www.glasswire.com/)
- [HostRecon/HostRecon.ps1 at master · dafthack/HostRecon](https://github.com/dafthack/HostRecon/blob/master/HostRecon.ps1)

# Things to learn

- Sys Admin
  - ADCS
  - SysInternals
  - Azure AD
- KQL
- Sentinel
- Threat Optics Stacks
  - logging
  - Sysmon
    - event ID 11 & 3
    - lnk, cpl, ps1 (files)
- Userland?
  - users shouldn't be running as admin all the time
- SIEMs
- C2
  - metasploit
    - resource files
- Wardriving
  - wigle.net
  - GPS puck
  - solar-powered
- Malicious LNK
  - fileshares on DC
- NT Directory Services