Tool Stack
What I use daily in security operations. No affiliate links, no vendor kickbacks - just tools that work.
Endpoint Security

Sysmon (Free, Essential)
Microsoft Sysinternals. Essential for endpoint visibility. Logs process creations, network connections, file modifications, and more. Free.

Defender for Endpoint (M365, Paid)
Microsoft's enterprise EDR. Solid detection, good integration with the Microsoft stack. Requires tuning to reduce noise.

Process Monitor (Free)
Another Sysinternals gem. Real-time file system, registry, and process activity. Indispensable for troubleshooting.

Autoruns (Free, IR)
Most comprehensive auto-start viewer. Use it to find persistence mechanisms during IR.

Velociraptor (Free, Open Source)
Open-source endpoint visibility and response tool. Great for hunting across large fleets without an enterprise budget.
Network Security

Wireshark (Free, Essential)
The network protocol analyzer. If you can't figure out what's happening on the wire, this will tell you.

Zeek (Bro) (Free, Open Source)
Network security monitor. Generates logs from network traffic for analysis. Pairs well with a SIEM.

nmap (Free)
Network discovery and security auditing. Still the best at what it does after all these years.

Suricata (Free, IDS/IPS)
Intrusion detection and prevention. Good for network-based threat detection at the perimeter.
Microsoft 365 / Azure AD

Microsoft Sentinel (Paid, SIEM)
Cloud-native SIEM. Good for M365-heavy environments. KQL is your friend here.

Microsoft Defender XDR (M365, Paid)
Unified threat protection across endpoints, email, identities, and apps. Part of the M365 security stack.

EXO PowerShell Module (Free)
Exchange Online management via PowerShell. For when the GUI isn't enough.

Azure AD PowerShell (Free)
Identity management and investigation. Essential for Azure AD operations.
Analysis & Investigation

CyberChef (Free, Essential)
The Swiss Army knife of data conversion. Decode, encode, analyze - all in the browser. Use the hosted version or run it locally.

Volatility (Free, IR)
Memory forensics framework. Extract artifacts from memory dumps during IR.

YARA (Free)
Pattern matching tool for malware researchers. Write rules to identify and classify malware.

Any.Run (Freemium, Sandbox)
Interactive malware sandbox. Watch malware execute in real time. Great for analysis and training.
Scripting & Productivity

PowerShell 7 (Free, Essential)
The blue team's best friend. Cross-platform, modern, and everywhere in Windows environments.

VS Code (Free)
Code editor with a great PowerShell extension. Integrated terminal, debugging, the works.

Windows Terminal (Free)
Modern terminal for Windows. Tabs, profiles, customization. Much better than cmd.exe.

Notepad++ (Free)
Quick text editing. Fast, lightweight, handles large files well.
Homelab

Proxmox VE (Free, Virtualization)
Open-source virtualization platform. Run your lab VMs and containers here.

pfSense (Free)
Firewall/router. Segment your lab network and learn networking the hard way.

Docker (Free)
Containerization. Spin up security tools quickly without polluting your host.

LimaCharlie (Freemium)
Security infrastructure as a service. Great for learning EDR concepts without an enterprise budget.
Tool Philosophy
- Free is good. Many of the best security tools are free or open source.
- Learn the CLI. GUIs are nice, but command-line skills transfer everywhere.
- Document everything. If you can't reproduce it, it didn't happen.
- Automate repetitive tasks. Your time is better spent thinking than clicking.
- Test in a lab first. Never try something new in production.