Invictus Incident Response's repositories
Microsoft-Extractor-Suite
A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
Invictus-AWS
A tool for AWS incident response that allows for enumeration, acquisition and analysis of data from AWS environments.
aws-cheatsheet
A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering.
o365_dataset
A dataset containing Office 365 Unified Audit Logs for security research and detection
Invictus-training
Repository with supporting materials for Invictus Academy/Training
aws_dataset
A dataset with CloudTrail events from an attack simulation using Stratus.
cobaltstrike
Collection of resources related to Cobalt Strike investigations
gws_dataset
Google Workspace Audit logs containing several attacks
kql_queries
KQL queries for Incident Response
entra-apps
List of Microsoft Apps in Entra ID
KQL-threat-hunting-queries
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
Email-Forwarding-Rules
A mind map of email forwarding rule evidence in Microsoft 365
cyber-security-hub.github.io
Cyber Security Trainings
Office-365-Extractor
The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)