Baric's knowledge Base
  • Baric
  • Security Programs
    • OSINT
      • Web Server Search
        • Censys Search
        • Shodan Exploits Search
        • Criminal IP Search Engine
        • Shodan Search
        • Zoomeye search
        • FQFA Search
        • Odin Online Device Search
        • LeakIX a site for finding leaks
        • Site Email Finder
      • Url scanning / testing online sites
        • Web Check
        • URLDna
        • Cyscan
      • OSINT Websites
        • Hackers-Arise
        • Hunter.io
        • Darkdump
        • OSINT people data
        • VPN & Proxy IP Detection Tool
        • IP2Proxy Proxy Detection
        • IP Address Lookup
        • Use this Ip-locator
        • Library Of Leaks
        • Pugrecon
        • Advanced search for Youtube
        • FilePhish
      • Counter OSINT
      • The Inspector
      • Blackbird
      • Bruter IP locate
      • Cloudmare
      • Cr3dOv3r credential reuse attacks
      • EMM OSINT SUITE
      • Gvision image location finder
      • Infoooze Osint
      • Iplocation Lookup
      • Linkedin Dumper
      • Metabigor OSINT tool
      • Netlas.io
      • NetSoc_OSINT socal media
      • OpenSquat
      • (API) OSINT Mantra
      • OSINT SPY Search using OSINT
      • OSINTUI
      • Sherlock OSINT
      • Snoop Project OSINT
      • Sublist115R
      • Ominis OSINT Toolkit Web-Search
      • X-OSINT
      • Eyedex find open server files
      • WhatsMyName
      • LeakSearch Tool to search password dumps and breached DB
      • Skytrack track planes
      • Tookie-osint
      • Telegram Explorer
      • Telegram search
      • You-Get download media contents (videos, audios, images)
      • Hawker Osint
      • Git Leaks
      • ShipXplorer tracking ships
    • Security FrameWorks
      • (docker) OffensiveDocker
      • ICS Security training
      • Catherine framwork
      • Ducksploit framework
      • InviZzzible VM tester
      • KitSec Framework
      • Opencti
      • Opensearch
      • Spellbook Rapid Development of Reusable Security Tools
      • Metasploit
      • W3af (Web Application Attack and Audit Framework)
      • Metasploit
      • AttackGen
      • Ronin-Recon
      • BetterCap
    • Threat Hunting
      • AIMOD2 Threat Hunting Framework
      • (IR) Untitled Goose tool
      • Bitlocker attacks
      • MISP Threat Intelligence Sharing Platform
      • Threat Hunting keywords
      • Velociraptor threat hunter
      • Win32 Offensive Cheetsheet
      • Introducing the REx: Rule Explorer Project
      • Awesome Threat Detection and Hunting
    • Shells
      • (py rat) WCE Windows Commander and Exfiltrer
      • (proxy_reverse shell) Stowaway
      • CaveCarver
      • Hoaxshell Reverse Shell
      • JavaRat
      • Keres PE reverse shell
      • Ninja_shell Portknocking
      • RAT- Collection
      • Sandman NTP
      • SCShell
      • SharPersist Windows persistence shell toolkit
      • Shell GPT
      • SocialX
      • Spark RAT tool
      • Stormbreaker
      • Villain Backdoor generator
      • WMiexec pro shell
      • Reverse Shell Generator
    • Reverse Engineering
      • (file navigator) Eviltree remake of tree command
      • (debugger) DnSpyEX
      • (Forensics) Forensictools
      • (lib_tool) MemProcFS ram forensics
      • (RE) Capa
      • (RE) Cyberpipe
      • (RE) Docker packing box
      • wwwtree
      • BLINT ELF, EXE vuln scanner
      • Ciphey automated decryption tool
      • EaseUS Undeleter
      • IATelligence Import Address Table (IAT) from a PE
      • laZzzy shellcode loader
      • PyOneNote parser
      • RE android app apk.sh
      • Recuva Undeleter
      • Reverse Engeneering Tools and Addons
      • Ubsym Bin Vuln Scanner
      • Volumiser VDMK_HDD Explorer
      • X64DBG RE debugger
      • Forensics - RecoverPy Un-delete Data
      • YaraDbg
      • Interactive PDF Analysis
      • Indetectables Toolkit
      • Binwalk
      • lightweight multi-architecture assembly playground
    • Phishing
      • Phishing Sites
        • Fake Site URL lookup
        • Phishtank URL lookup
        • Cert.pl malicious domains
        • Free Online Tools for Looking up Potentially Malicious Websites
        • Openphish
        • Urlscan + api
        • CheckPhish URL Checker
        • Artists Against 419 spam
        • Find Certs of newly added sites
        • UrlDna Website Breakdown
        • Free Phone Validation Lookup
        • Phishing URL Checkers
        • Phishing with Google Calendar
        • Scamminder
      • BeEF
      • (defense) Conan account finder
      • (defense) Mailto analyzer
      • Clifty Phishing tool
      • Evil no vnc phishing
      • Evil Qr
      • Evilginx 3.0
      • Gophish
      • Poastal
      • Squarephish phishing
      • WhatMail email header analyzer
      • DNStwist phishing domain scanner
      • Discord-QR-Scam
      • CuddlePhish
      • domain-park
      • VOIP phone services
        • Jitsi phone
        • Microsip Phone
        • 3CX phone
        • BRIA formally X-lite phone
        • linphone phone
      • HEDnsExtractor
      • CyberPhish
      • PhishMailer
    • Browser Tools
      • Tamper Monkey Extension
      • Mercurial Grabber
      • (py) Decrypt Chrome Passwords
      • browser forensics
      • BrowserHistoryView
      • ChromePass
      • SharpWeb
      • Stalking inside of your chromium
      • HackBrowserData
      • Stratosphere Browser Recorder
      • Monolith
      • Browser.lol
      • Mitmproxy - open source interactive HTTPS proxy.
      • BrowserGhost get browser data
      • BrowserAudit
      • I-See-You
      • DB Browser for SQLite
      • CursedChrome
      • SOC Multi-tool
    • Mobile
      • ApkHack Backdoor
      • (IOT) MQTT Explorer
      • APKLeaks Scanner
      • Ghost Track
      • Moriarty project
      • OWASP (MAS) Mobile Application Security
      • PCAPdroid
      • Phonesploit pro
      • R4ven mobile ip and location
      • Rafel Android RAT
      • Seeker get location
      • Striker app
      • Symbiote camera access
      • Tiny check
      • Android RAT with Firebasedb
      • NetGuard App internet limiter
      • BlueSpy
      • BlueToolkit
      • DH-Hackbar
      • Sippts VoIP Scanner
      • Frida Script Runner
      • B4Bomber Android Version
      • SocialSploit
      • ApkdeepLens Vuln scanner
    • Audit and Scanners
      • OpenVAS/Greenbone
      • Nikto Scanner
      • OpenSCAP
      • (linux) Vuls agentless vuln scanner
      • Lynis (Linux or mac) vuln scanner
      • Trivy scanner
      • Clair Scanner for docker containers
      • Sploitscan .py
      • OWASP Zap
      • ZMap Internet Scanner
      • nrich IP vuln scanner
      • Viper
      • kscan rdp bruite an network scanner
      • Above network vuln scanner
      • GoGo port scanner
      • GobyVuls
      • Flan scan network vulns
      • Goscan vuln scanner
      • aFrog vuln scanner
      • TPM 2.0 vuln scanner
      • osv-scanner by google
      • Sirius scanner vulnscan opensourced
      • Envizon network visual and pentesting
      • Arkime packet scanner
      • CredSweeper
      • WiDefend RAT scanner
      • Ludvig container,FS and github vuln scanner
      • Grype container img vuln scanner
      • extAnalysis vuln scanning
      • Python network port scanner
      • Universal Scanner network
      • Soldr endpoint detection scanner
      • dep-scan security audit
      • smbeagle filesahare audit tool
      • Fenrir linux incator of compremises scanner
      • Parchu web vuln checker
      • Angry IP scanner
      • Nuclei Scanner
      • rmap
      • Slooth Security Vulnerability Search and Management System
      • Wireshark
      • TcpDump
      • grype docker and file system scanner
      • APTRS vulnscanner
      • Microsoft Attack Surface Analyzer
    • Windows
      • NETworkManager
      • Ntlmscan
      • Onedrive_user_enum v2.00
      • PersistenceSniper
      • PingInfoView
      • Policyplus local gpo editor
      • PowerlessShell
      • PS2 powershell port scanner
      • Powersharppack
      • PXEThief
      • Pyrdp monster in the middle
      • RegistryExtraction py
      • Roadtools azure ad
      • SharpExchange Exchange server communicating
      • Snaffler AD sniffer
      • SharpRDPHijack
      • SSH Putty bruteforcer
      • AD - HEKATOMB scan and crack
      • AD - Pen-test Powershell Tools Modules
      • AD - Privileger
      • AD - LinWinPwn AD vulnScanner
      • (event log reader) APT Hunter
      • log - WELA (Windows Event Log Analyzer)
      • packer exploit - macropack community
      • powershell - DomainPasswordSpray
      • powershell - MFASweep
      • LocalAdminSharp
      • SMB - RSMBI Scanner
      • AD LDAPnomnom extract usernames
      • AADinternals
      • AD Ping castle
      • AD PywerView
      • AD scrape ScrapingKit
      • AuditPolCIS
      • AzureGoat vuln AD emulator
      • Azure AD password checker
      • BadZure misconfigured Azure AD
      • C# azure offensive tools list
      • Chainsaw
      • CrackMapExec
      • Dir2json directory listener
      • DNSTake scan for missing dns zones
      • ETWMonitor
      • Game of Active Directory
      • GetLAPSPassword
      • Grouper 3 find vulns in AD GPO
      • Hayabusa windows log analyser
      • Invoke ADEnum
      • Invoke PowerExtract
      • Isassy remote cred extractor
      • MFASweep powershell check user for mfa
      • Microsoft AttackSurfaceAnalyzer
      • TrlDNet file type finder
      • Windows computer basic security checks
      • Windows dedfender remover
      • Windows LOLDrivers scanner
      • WinPWN
      • StandIn AD post compromise toolkit
      • Starkiller
      • Token Universe
      • Go-Secdump
      • Microsoft Activation Scripts (MAS)
      • Total-Recall Microsoft recall reader
      • NetworkMiner
      • PowerHuntShare
      • SharpBruteForceSSh
      • AzureGraph
      • MDEtester
      • HDCleaner
      • TweakPower
      • RegCool
      • EventLogViewer
      • RegShot
      • Process Monitor
      • Process Hacker
      • AutoRun
      • TCPView
      • Dependency Walker
      • Sandboxie Malware Sandbox
      • Windirstat
      • HXD Hexeditor
      • Unlocker File Unlocker
    • Bug Bounty
      • Online Resources
        • Dorking
          • List OL Dorks
      • Burp Community (free version)
      • Caido (burp alt)
      • Ghauri SQL injection
      • Open bullet pen-testing tool
      • FirebaseExploiter
      • Easy Scan website scanner
      • (git) Nosey Parker
      • Artemis web vulnerability scanner
      • PHP Cookie Stealer
      • Lookyloo website tree graph
      • Jira-scan
      • Stealerium key logger
      • Naabu site port scanner
      • Socialhunter
      • Klyda form password spray
      • WordPress scanning tool
      • Jbin-website-secret-scraper
      • ReconBulk subdomain
      • PyMeta site extracter
      • Interactsh opensourced burp
      • WafWoof
      • WhatWaf waf finder
      • Endext endpoint scraper
      • Python recon scripts web auditing
      • DomoArigato audit robox.txt
      • Amass OWASP web scanner
      • Feroxbuster
      • FOFA Viewer web scanner
      • BHEH's SecretOpt1c scanner
      • (bugbounty) Wildcrawl
      • CMSmap website vulnscan
      • SQLMap
      • GraphQLmap
      • (vuln scanner) Web Security Scanner
      • FFUF fuzzer
      • Shodan Scrapper
      • TruffleHog
      • Kiterunner
      • Arescan Advanced Directory Discovery Tool
      • Caido web app audit
      • Gungnir - Domain cert monitor
      • Scilla
      • WebCopilot
      • Subdominator
      • Web-Check: The Ultimate Toolkit for Website Analysis and Security Assessment
      • DorkGPT
      • Hexa Keylogger
      • Lazy Dork
      • AdminDirectoryFinder
    • Privacy
      • Privacy Sites
        • Fake Name and Information generator
        • Fake Profile Picture Generator
        • Burner Emails
        • Burner Phones Numbers
        • Mailfence
      • Tor
        • Tor-Bot Dark-web scanner
        • OnionScan - Tor
      • I2P
      • OpenVPN
      • Proxxy - a proxy scraper
      • Opera-proxy
      • Gluetun VPN client
      • Mullvard browser VPN
      • Tailscale VPN
      • Google Results about you
      • Fireprox
      • Proxycannon-ng
      • Gigaproxy
      • White Intel - A DATA ANALYTICS TOOL FOR DETECTING BREACHES FROM INFORMATION STEALERS
      • (Paid) Private Internet Access
      • Privacy.sexy
      • Personal privacy checklist
    • Useful Online Links
      • Hugging face AI LLM models
      • Hunter internet device finder, like Shodan
      • JSONcrack
      • Knowledge Base by offsec
      • Microsoft Build code examples
      • MITRE ATT&CK information
      • Proxy Servers Site
      • Russian Search Engine
      • There's a AI for that
      • Tiny Tools
      • World Eventmap
      • Youtube Downloader
      • TinEye Reverse Image Search
      • Browser exploit CTF challenges
      • Blackhat Russia Tools
    • Spiders and Scrapers
      • NodeCraw
      • WebPalm
      • SpiderSuite
      • SmbCrawler
      • Bright data web scraper browser
      • Webscrape get email and phone
      • Jsoup: java HTML parser/scraper
      • HttpLoot
      • Katana Spider
      • G-Scraper
      • Email Crawler
      • creepyCrawler
      • Maxun auto web-scraper
      • Scraperr Spider
      • Scrapling Web-Scraper
    • Command and Control
      • Merlin C2
      • Periscope C2
      • ShadowForge C2
      • Primus C2
      • C2 Hunter RE
      • SharpFTPC2
      • Google calender Rat (C2)
      • MaccaroniC2
      • Nimbo-C2
      • Havoc C2 Server
      • Mystic C2
      • Silver C2
      • Striker C2 Recon & Vulnerability Scanning Suite
      • Hades c2
      • Phoenix C2
      • Supershell C2
      • Emp3r0r C2
      • C# Hardhat C2
      • AM0N-Eye C2
      • Python Pupy RAT
      • Python TrevorC2
      • Python Weasel DNS beacon C2
      • Cisco ASA Anyconnect faker
      • C# rasta-mouse SharpC2 server
      • Overlord - red team automation
      • Redblood C2
      • Nemo post-exploitation framework
      • Discord as a C2
      • Octopus C2 Server
      • Empire C2 framework
      • RedGuard C2
      • convoC2
    • HoneyPots
      • Honeypots
      • Respotter
      • HoneyDB
      • Dionaea honeypot - Building a Honeypot to Capture Zero-Day Exploits
      • HoneyPots 20+
  • Development
    • BOF and Coff Executers
      • COFF Loader
      • (golang) Doge-COFFLdr
      • community BOF plugins colbolt strike
      • kernal coff loader
      • Running Cobalt Strike BOFs from Python
      • RunOF BOF executer
      • BOF.NET - A .NET Runtime for Cobalt Strike's Beacon Object Files
    • Code Scanners
      • Mobsfscan android safe code scanner
      • Sourcegraph search github codebase
      • grepmarx
    • Databases
      • MySQL Fake Server
      • Beekeeper studio remote SQL viewer
      • SQLite and Nodejs
      • ChartDB
      • Metabase
    • Docker
      • Remap Ports
      • Basic commands
      • Security Playground
      • Install docker-compose on linux
      • Awesome Compose Docker
      • Nginx-proxy-manager docker
      • Compose Craft
      • Docker Linux Server
      • ntfy.sh | Send push notifications to your phone or desktop via PUT/POST
      • Docker Self hosted collection
    • API and Scraping Sources
      • Scraping
        • CVE feeds
        • CVEDetails - site
        • CVE PoC - github
        • NVD CVE Search - site
        • Packet-storm Exploits search - site
        • CVE shodan JSON endpoint
        • Cisco Talos CVE reports and zero-days
        • Zero-Day.cz
        • Zero-Day Initiative
      • Github Data Sources
        • Pinokio AI Collection
        • Mail checker list of bad email domains
        • Motikan2010 (sec)
        • C2-tracker
        • Nomi Sec (Exploits)
        • IPsum bad IP's
        • romainmarcoux bad IP addresses
        • Data-cve-poc Exploits
        • Free Threat Intel/IOC Feeds
      • (paid) Text message api
      • (api) internetdb.shodan.io
      • Awesome-security-Apis
      • Clemiller ATT&CK v12.1 Enterprise
      • Cve Score API
      • Dummy Json products
      • Password Purgatory
      • REGEX pattern database
      • (api) Scamadvisor api
      • Telegram-API: a Python-based open-source tool for Telegram
      • Vuln feed alot abit
      • VX-underground malware API
      • Markdown badges API
      • Weather alerts Api
      • Wordlist API
      • Alienvault threat feed API
      • IP2Location
      • WebCheck API
      • Wordlists specially for API routes fuzzing
      • (paid) Netify Network intel
      • (semi free)IPHQ Fraud and Cyber Threats API
      • API-Security-Checklist
      • Scamalytics IP Search API
      • AbuseIPDB API IP checking
    • Microsoft KQL
      • KQL hunting email Queries
      • KQL hunting with Azure and Log Analytics
      • KQL Hunting URLS Queries
      • KQL Identity-based Attacks
      • KQL search
      • KQL Github Pages
      • Generate KQL queries
      • KQL Hunting-Queries-Detection-Rules
      • KQL Sources
    • AD PS Commands
      • Microsoft online Cloud Shell
        • Commands
        • Help
        • 365 Powershell Commands
      • ( AD ) Active Directory Powershell Commands
      • AD command website
      • Azure Active Directory Powershell Commands
      • Network Powershell Commands
      • Powershell port scanner
      • Set service recovery options in powershell
      • Powershell Gallery
      • Basic Powershell commands
      • Push notification Windows ps1
      • Run app with Admin creds through powershell
      • Powershell Auditing Commands
    • HomeLab
      • Awesome-Self hosted collection
      • Docker Apps
        • Rancher Kubernetes cluster
        • Portainer Docker Management
        • DocCat
        • Dashy HomeLab Home page
        • Huginn Agents
      • ISO's
        • (windows) atlas OS
        • (Paid) Acronis True Image
        • Chimera Linux gaming OS
        • Commando-VM pen-testing suite for windows
        • Cyberpunk OS osint
        • Flare-VM Malware reverse engineering image
        • Hiren BootCD PE
        • KVM hypervisor Ubuntu
        • MedCatUsb live disk
        • OSINT VM
        • Pxeboot
        • Qubes OS hypervisor 1, Vm
        • Sherlock Osint os
        • ShredOS -Disk Eraser
        • Slingshot Linux Distribution
        • Sonatype Nexus3 Docker
        • ThreatPursuit-VM threat hunting suite for window
        • Ventoy
        • Windows 7 and 8 Download
        • Windows keys cheep
        • Windows security sandbox tools testing Vulns
        • wiztree hdd analysis windows
        • CSI Linux OSINT OS
        • UUP dump
      • Zabbix Monitoring
        • Agent install
          • Windows
          • Linux
      • Pi Weather Station
      • NetAlertX
      • MISP threat Management/Hunting
      • PiholeBlockList
      • Windows Development Server
      • Education Labs
        • VulHub Vulnerable docker Image
      • Media Server Torrents
      • Gitea Self-hosted Github
      • Performa Network Monitoring
      • Cockpit Project Headless Linux Server Controller
      • ipam server
      • PRTG network solutions
      • Monitoring domain controller with TIG suite
      • How to install NetHunter on TicWatch Pro
      • Sniffnet network monitor
      • openDns Web filter home
      • Exchange Server
        • Install exchange server
        • Exchange Create incident reports
      • Cisco Catalyst Switch
        • Finding Device IP
        • Adding and deleting VLANS
        • Turn on telnet and web UI
        • Modding config file
        • Show Command
        • Basic Commands
        • Connect to Switch
      • Rath Data Analysis and Visualization tools
      • BlueWave Uptime
      • Windmill Automation
      • Activity Watch
      • Checkmate
      • JetKVM IP based KVM
      • Myspeed testing and keep network speeds
      • GOSINT - Open Source Threat Intelligence Gathering and Processing Framework
      • GGH
    • Compliance
      • Self Audit Procedures
        • Cmmc
          • Level 1 assessment
          • Level 2 assessment
          • Level 1 and 2 task list
        • Nist
          • NIST SP 800-171r3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organiza
          • Nist 800-171 R2 task list
          • NIST 800-171 PDF
        • Audit Reporting
          • pwndoc-ng
          • MSTIC Jupyter and Python Security Tools
          • APTRS reporter
          • SYSreporter
          • Kracken cracked PW reporter
          • Security Incident Handling Guide
          • DFIR TEMPLATES
          • Sans Policy template list
          • Pentest report template
        • Risk Management
          • Top misconfiguration networks
          • Control Categories
          • IT Disaster Recovery Plan
          • Assessment & Auditing Resources
          • (EPSS) Exploit Prediction Scoring System
          • What is zero trust
          • Risk Management basic steps
        • Dora - Digital Operational Resilience Act
        • FAR Federal Acquisition Regulations
        • Epeat Usable Devices
        • Harden Windows Security
        • Active Directory security assessment using PowerShell
        • What is EDR and XDR
        • What is IAM (Identity and access management)
        • What is PPI (Private Personal Information)
        • What is PAM (Privileged access management)
        • Account compromise procedure
        • End of life policy
        • (SPRS) Supplier Performance Risk System
      • PDQ
        • Commands
      • Entra Admin Center - Conditional Access
        • Conditional Access Manage named locations and IP ranges
        • Conditional Access - Block unknown or unsupported device platform
        • Microsoft Entra conditional access: block access by location
        • Azure AAD create a alert to email when conditional access and Audit logs catch a oddity
        • Apply Conditional Access Policy to Microsoft Copilot
        • Conditional Access block Microsoft Azure CLI
      • Password Auditing
        • DSInternals
      • GRC Tools (Governance, Risk, and Compliance)
        • CISO Assistant
        • Soc Chef Policy Creator
    • Siems and EDR
      • Splunk
        • Install
        • Splunk forwarder
          • Install forwarder via Powershell
          • Windows Defender event-viewer and logs
          • Powershell History Logs
        • Log Locations
        • Search Queries
          • Windows Detailed activity properties in the audit log
          • SPL Breakdown
          • SPL
        • Create a email alert
        • Monitoring a file from a PC
        • Resources
          • Detecting Business Email Compromise Using Splunk
          • Install Splunk AI Assistant for SPL
          • Turning on File Folder Auditing
          • Uploading lookup table csv file
          • Export Splunk results to CSV file
          • Open-source detection rules like SigmaRules and Splunk ESCU rules
          • Splunk research Detection, Analytics Playbooks and stats
          • Teams Detailed activity properties in the audit log
        • Creating Graphs and Dashboards
        • Splunkbase Apps
          • Splunkbase App Values
          • Verkada Splunk Integration
          • Microsoft teams add-on for Splunk
          • Add Bit-warden to Splunk
          • Top Splunk Apps
          • MITRE ATT&CK App for Splunk
          • Splunk Enterprise Security
        • Create/Modify User account
        • Stop auto logout
        • Splunk Deployment Server
          • Deployment Resources
          • Other Types of Deployment Servers that can be used
        • Calling Rest API from Splunk
        • Splunk Python Lookup Script app Development
        • (Settings) Data Inputs + Scripting Examples
        • Splunk Soar
          • Install SOAR
          • Connect Splunk Enterprise With SOAR
      • Wazuh
        • Default register agent config
        • Monitoring process to look for a app running
        • Alert number in wazuh
        • Custom Rules
        • Adding windows defender logs
        • Malware test files
        • Wazuh training
        • Wazuh remote commands endpoint agent
        • Wazuh to allow ssh to machine
        • Wazuh osquery
        • Wazuh manager server and agent upgrade
        • Wazuh download
        • Wazuh API
        • Wazuh agent (edit)
        • Custom Log File
        • location of config file
        • Make a user in wazuh and adding perms
        • Proof of concept guide
        • Wazuh endpoint agent custom config elements
        • Wazuh debug logs
        • Wazuh email notification
        • Wazuh moniter office 360
        • Wazuh making and modifying user groups
        • Wazuh Siem/EDR
      • Gravwell
        • Queries
        • Gravwell Docker Install
      • OpenEDR
      • Data for SIEM
        • IP from Companies
          • Microsoft
          • Google
          • misp-warninglists and tools to scrape
          • Azure cloud IP Addresses
          • T-mobile IP Geo location
          • Verizon Wireless IP Geo Location
        • VPN IP
          • VPN (nord, proton, ...)
          • Proton VPN and Data Centers
        • IP Block-Lists
          • domainthreat
          • Blocklist.de
          • Scam-Blocklist
          • Blocklist-ipsets
        • Malicious User Agents
          • User Agents
        • Proofpoint Emerging Threats Rules
    • Graphing Tools
      • Figma Program Graphing
      • Photopea
      • Mind map creating diagrams
      • OpenFreeMap
      • Data Formulator turn CSV files to graphs
    • Website Dev
      • RevolverMaps
      • Emailerjs
      • Kaspersky CYBERTHREAT REAL-TIME MAP
      • SafeLine WAF
      • (build this)fake captcha page
      • Bunker Web Waf
      • thttpd - tiny/turbo/throttling HTTP server
    • Lanuages
      • Node
        • Lets Encrypt
        • Quick start node
        • Gmail API retrieve emails from gmail
      • Golang
        • Quick start Go
      • Library
        • Mercy Rust lib pentesting
        • Offensive cpp
        • Graftcp
      • Python
        • Python to EXE file
        • Pwntools python lib
        • Python-For-Cybersecurity
        • How to Launch an HTTP Server in One Line of Python Code
        • Virus-Builder
        • Server Agent example Squidnet bot
        • Impacket Pentesting lib
        • NiceGUI python UI Lib
        • Mac - Python starting a venv
      • bash
        • Check for Leaked Passwords on HaveIBeenPwned
    • GitHub
      • Make Personal tokens for use in your programs
      • OpenSauced github repository finder
    • Gaming
      • Ryujinx Switch Emulator
      • Runescape Botting
        • osBot
          • {1} how to begin
          • {2} basic script
          • {4} helper methods
          • {3} building script
          • {5} accessing the Inventory, Bank, Player, etc. instances
          • {6} Positions, areas and moving the player
          • {7} Entities (Players, RS2Objects, NPCs and GroundItems)
          • {8} Interactions
          • {9} Sleeping
          • {10} Items and ItemContainers (Inventory, Bank, Equipment, Store, ...)
          • {11} Filtering
          • {12} Widgets
          • {13} Painting, messagebox
          • {14} Putting it all together
          • {15} Adding a GUI
          • osrs botting software
          • resources
          • Where to mine
        • OSRSBot
          • OSRSBot basics
        • runeLite
          • Runlite dev setup
      • World of Warcraft on a Steam deck
    • Cursor AI code editor
  • IT Help
    • Windows
      • SYSAdmin
        • Tools
          • Psfile
          • Active Directory Explorer v1.52
          • ShareEnum file share Enum
          • ADRestore
          • Autologon
          • Active Directory Download link
          • notMyFault windows crashing tool
          • TestLimit
          • Windows password recovery tools
          • Install Active Directory Tools 10 and 11
        • Export OneDrive usage report in Microsoft 365
        • How to Configure High Volume Email in Microsoft 365
        • Monitor connected remote clients for activity and status
        • Windows common commands enum
        • Commands Group policy updating an checking status
        • Audit Active Directory in windows
        • Common Microsoft Resources in Azure Active Directory
        • Audit Microsoft 365 logs
        • Windows Triaging with Powershell — Part 1: Parsing Event Logs
        • How to Give OneDrive Access to Another User
        • List of devices connected to Microsoft
        • Check who has remoted in to a PC
        • Diskpart Format Disk
        • Active Directory – How to track down why and where the user account was locked out
        • Take User out of cached exchange mode in settings
        • Commands Group policy updating an checking status
        • Clear Windows Creds
        • (Purview) Microsoft 365 - How to create an alert policy
        • Making a AD group and adding a security policy
        • Azure event codes
        • Delaying a service starting in Microsoft
        • Block a message from being sent or received based on the file name extension of the attachment
        • Renew a root CA certificate
        • Plan and deploy on-premises Microsoft Entra Password Protection
        • How To Make An Automated Windows 11 Install USB, Updated for 2025
      • Office Product
        • Classic Outlook desktop can't read encrypted email
        • Create a desktop shortcut for an Office program
        • How to Disable access to install Office add-ins
        • Outlook shared email location
        • Excel Developer Tab in ribbon
        • Create Outlook Rule to Forward Incoming E-mails
        • How to Create Distribution Lists in Outlook
        • Hard delete mailbox without deleting user account in Microsoft 365
        • Send automatic out of office replies from Outlook.com or Outlook on the web
        • How to remove a saved email address from Outlook's autocomplete List
        • Outlook 365 unthreading email replies
        • How to Force Outlook(Classic) to Update the Job Title
        • Block or unblock senders in Outlook
        • Install Microsoft Projects
        • Outlook Send as or as behalf Email
        • How to make lined paper in Microsoft word
      • Group Policy
        • Configure User’s Folder Redirection with Group Policy
        • Make Edge open a custom site
        • How to unlink and link GPO policies
        • Creating a Security Group, adding to folder and Disabling Inheritance
      • How to uninstall a program through windows command prompt
      • Change Password in windows and mac
      • Reinstalling RDP on a windows machine
      • Microsoft .net 3.5 keeps popping up and wont install
      • Flare-VM Sandbox Guide: Creating an Isolated Lab Environment for Malware Analysis & Reverse Engineer
      • Add swap memory to lower ram devices
      • Limit what the account can logon to an hours accessed
      • How to delete user profiles windows
      • "HTTP Error 503. The service is unavailable" then browsing to /ECP "exchange 2019"
      • How to disable "shake to minimize" on Win10
      • Check who has remoted in to a pc
      • Download and exe payloads from DNS
      • C# 2013 Default certificate could not be created. Publish aborting
      • Windows S mode disable
      • EventLogging
      • TCP packet cheat sheet
      • Common ports and services
      • Edge How to create a shortcut that launches a non-default-browser to a website
      • Windows 11 camera not working Error: 0xA00F429F
      • Native Bypass CredGuard
      • Schedule Automatic Reboots Using Task Scheduler Reboot
      • Windows server 2022 not able to default view image files like png, jpeg and ext ...
    • Mobile
      • Enter Android’s Bootloader
      • Set Up Microsoft Authenticator
    • Programs
      • Make A OVA file from you virtual box VM
      • Adobe XI redact location
      • Yubikey Manager
      • Security Camera ExacqVision Key Shortcuts
      • Forensic Analysis of LNK Files
      • How to Enable and Disable Sync in Chrome and Edge
      • Cisco Wi-Fi not working how to Unblock IP in barracuda
      • Chrome & Edge Import export bookmarks
      • How to Create Multiple Chrome Profile Shortcuts on Your Desktop
      • 7zip opening vdmk file
      • Add VMware tools to Debian
      • Forensics make a live copy of PC
      • Forensics get LM hash from windows PC
      • Hyper-V
      • Resetting Windows 8.1 Password Hack
      • Finding encrypted files on PC
      • PDQ
        • PDQ Connect
          • Install Agent
          • Offline Computer Target
          • Deploy to Device
      • Hyper-v Make Linux full screen
      • Linux Firewall commands
      • PowerDNS and PowerAdmin rocky linux
      • Find saved passwords on PC
      • How to Fix “iMessage is Signed Out” Error on iPhone
      • How To: Connect To A Network Shared Folder With Mac OS X
      • Install Cisco AnyConnect Secure Mobility Client on a Mac Computer
      • Bitwarden Import Data from LastPass
      • Create a desktop shortcut to open a specific URL in Chrome while default browser is Edge
      • Removing Edge popups
      • Chrome clear cashed browser data
      • Dropbox taking up storage on physical devices
    • Networking
      • DNS
        • Overview
        • Configure forwarders, delegation and root hints
        • Root servers with map in the world
        • Primary and Secondary DNS Zones
        • Zones and SOA(state of Authority)
        • Types of records
        • Record Management and Updates
        • Single- Label Name Resolution and Suffix
        • Server Properties
        • Protection
        • Policies
        • Monitoring and Troubleshooting
      • TCP/IP
        • IPv4
        • IPv6
        • IPv4-to-IPv6 Transitional Technologies
      • DHCP
        • Install DHCP and Sending Order
        • DHCP Scopes
        • DHCP Options
        • Advanced Scopes - Super-scopes, Multicast Scopes and IPv6
        • Centralized DHCP and PXE
        • DHCP Policies
        • Maintain the DHCP Database
        • Troubleshooting DHCP
    • Resume tools
      • Latex resume builder
      • Eforms
      • eSign
      • MarkItDown
  • Security Education
    • Monthly Security topics Outline
    • Do not call number spam
    • Games
      • Cyber Awareness Challenge
      • Cyber Crosswords
      • Damn Vulnerable Restaurant
      • Education arcade cyber security Game
      • Nova Games Cyber Security
      • Texas A&M cyber security games
      • CTF time
      • National Cyber League CTF game
      • Forensics Simulation Compromised Windows server 2022
    • Sec News
      • The Tor Times
      • Darkfeed.io Ransomware
      • All Info-sec News
      • Write-ups - Pen-tester Land
      • Dark Reading
      • Defcon Site
      • The Sysadmin Channel
      • Security Affairs
      • Malware Gallery, History of Malware
      • meterpreter.org
    • Online Learning
      • pwn.college
      • Cisco Ethical hacker lab
      • Windows Privilege Escalation Crash Course
      • Hack the box
      • Try hack me
      • Hacknetics Pentesting Gitbook
    • Comics
    • Communities
      • Onniforums
      • Morioh programmer social media
      • Null.to
      • (ru) Xxs.is blog
      • Breached forums
      • D4rk forums
      • Hack Forums
      • Ohio Infosec
      • Doxbin
      • Bug Bounty Community
    • Videos
      • Barracuda
      • Microsoft
Powered by GitBook
On this page
  1. Development
  2. Compliance
  3. Entra Admin Center - Conditional Access

Microsoft Entra conditional access: block access by location

PreviousConditional Access - Block unknown or unsupported device platformNextAzure AAD create a alert to email when conditional access and Audit logs catch a oddity

Last updated 5 months ago

Step 1: Create a Conditional Access Policy to Block Non-US Access

  1. Go to Azure AD:

    • Sign in to the Azure portal:

    • Navigate to Azure Active Directory > Security > Conditional Access.

  2. Create a New Policy:

    • Click on + New policy.

  3. Set Assignments:

    • Users or workload identities:

      • Select Specific users and choose the target user(s).

    • Cloud apps or actions:

      • Choose All cloud apps to block access globally.

    • Conditions:

      • Under Locations:

        • Click Configure > Select Yes.

        • Under Include, select Any location.

        • Under Exclude, click Selected locations > Select United States (you need to create a named location for the US if it doesn’t exist).

  4. Define Access Controls:

    • Under Grant, select Block access.

  5. Enable the Policy:

    • Set Enable policy to On and click Create.

https://portal.azure.com
Conditional Access - Block access by location - Microsoft Entra IDMicrosoftLearn
Logo