Repositories list

    • A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
      PowerShell
      GNU General Public License v2.0
      Updated Dec 15, 2024
    • ALFA (Public)
      ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the audit logs using statistics and the MITRE ATT&CK Cloud Framework.
      Python
      MIT License
      Updated Dec 2, 2024
    • GNU General Public License v3.0
      Updated Oct 21, 2024
    • Repository with supporting materials for Invictus Academy/Training
      Shell
      Updated Oct 6, 2024
    • A tool for AWS incident response, that allows for enumeration, acquisition and analysis of data from AWS environments for the purpose of incident response.
      Python
      MIT License
      Updated Oct 2, 2024
    • talks (Public)
      An overview of our talks at security conferences
      Updated May 21, 2024
    • A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering.
      MIT License
      Updated May 8, 2024
    • A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
      MIT License
      Updated Dec 27, 2023
    • List of Microsoft Apps in Entra ID
      Updated Nov 8, 2023
    • KQL queries for Incident Response
      Updated Oct 31, 2023
    • A dataset with CloudTrail events from an attack simulation using Stratus.
      MIT License
      Updated Jul 12, 2023
    • Sigma-AWS (Public)
      This repository contains the research and components of our work on using Sigma for AWS Incident Response.
      Python
      MIT License
      Updated Jul 12, 2023
    • Cyber Security Trainings
      SCSS
      GNU General Public License v3.0
      Updated May 31, 2023
    • A mind map of email forwarding rule evidence in Microsoft 365
      Updated Feb 20, 2023
    • Google Workspace Audit logs containing several attacks
      MIT License
      Updated Aug 15, 2022
    • macOS (Public)
      Repository for macOS related security research
      Updated Jun 7, 2022
    • Collection of resources related to Cobalt Strike investigations
      Updated Jun 7, 2022
    • A dataset containing Office 365 Unified Audit Logs for security research and detection
      Updated Jun 7, 2022
    • The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL).
      PowerShell
      Updated May 24, 2022