HAWK M365 Analysis
These notes and scripts are based on the output from https://github.com/T0pCyber/hawk.
Hawk Notes
Hawk Incident Commands
Result Status Detail Issue
Impossible Travel Code Fragments
Some scripts to help with detecting Impossible Travel on GitHub.
Some other scripts to help with M365 Analysis
CrowdStrike Reporting Tool
CISA tool