PwC-IR / Business-Email-Compromise-Guide
The Business Email Compromise Guide sets out to describe 10 steps for performing a Business Email Compromise (BEC) investigation in an Office 365 environment. Each step is intended to guide the process of identifying, collecting and analysing activity associated with BEC intrusions.
☆246 Updated 3 years ago
Related projects
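The collection-then-analysis workflow the guide describes centres on the Office 365 Unified Audit Log. The following is an added illustration of the analysis half, not code from the PwC-IR guide or from any of the projects listed below: it reads a UAL export of the shape produced by `Search-UnifiedAuditLog | Export-Csv` (one JSON record per `AuditData` cell, Office 365 Management Activity API field names) and raises the indicators an analyst checks first in a BEC case: inbox rules that forward or hide mail, mailbox delegation, and successful sign-ins from outside the tenant's known address ranges. All records, addresses, user names and the "known good" network are constructed for the example.

```python
"""Triage a Unified Audit Log (UAL) export for common BEC indicators.

Added illustration, not code from the PwC-IR guide or any listed project.
Assumed input: the CSV written by `Search-UnifiedAuditLog ... | Export-Csv`,
where each row's AuditData column holds one JSON record using the Office 365
Management Activity API field names (Operation, UserId, ClientIP, ResultStatus,
Parameters). All records, addresses and user names below are constructed.
"""
import csv
import io
import ipaddress
import json
from collections import defaultdict

RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "UpdateInboxRules"}
FORWARDING_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"}
HIDING_PARAMS = {"DeleteMessage", "MoveToFolder", "MarkAsRead"}
KNOWN_GOOD_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # hypothetical corporate egress


def _login(ts, user, ip, status="Success"):
    return {"CreationTime": ts, "Operation": "UserLoggedIn", "UserId": user,
            "ClientIP": ip, "ResultStatus": status, "Workload": "AzureActiveDirectory"}


def _cmdlet(ts, op, user, ip, **params):
    return {"CreationTime": ts, "Operation": op, "UserId": user, "ClientIP": ip,
            "Workload": "Exchange",
            "Parameters": [{"Name": k, "Value": v} for k, v in params.items()]}


SAMPLE_RECORDS = [  # constructed; Exchange records carry a source port in ClientIP
    _login("2024-03-04T08:02:11", "alice@contoso.example", "203.0.113.10"),
    _login("2024-03-04T11:46:58", "alice@contoso.example", "198.51.100.7", "Failed"),
    _login("2024-03-04T11:47:30", "alice@contoso.example", "198.51.100.7"),
    _cmdlet("2024-03-04T11:49:02", "New-InboxRule", "alice@contoso.example", "198.51.100.7:51023",
            Name=".", ForwardTo="billing@attacker.example", DeleteMessage="True"),
    _cmdlet("2024-03-04T12:10:45", "New-InboxRule", "bob@contoso.example", "203.0.113.10:44001",
            Name="Vendor updates", From="news@vendor.example", MoveToFolder="Vendors"),
    _cmdlet("2024-03-04T12:30:00", "Add-MailboxPermission", "alice@contoso.example", "198.51.100.7:51077",
            Identity="alice@contoso.example", User="contractor@contoso.example", AccessRights="FullAccess"),
    _login("2024-03-04T13:05:12", "bob@contoso.example", "203.0.113.10"),
]


def build_sample_export():
    """Serialise SAMPLE_RECORDS as Export-Csv does: one JSON blob per AuditData cell."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=["CreationDate", "UserIds", "Operations", "AuditData"])
    w.writeheader()
    for r in SAMPLE_RECORDS:
        w.writerow({"CreationDate": r["CreationTime"], "UserIds": r["UserId"],
                    "Operations": r["Operation"], "AuditData": json.dumps(r)})
    return buf.getvalue()


def parse_ual_csv(text):
    """Yield the decoded AuditData record of each row; skip rows that will not parse."""
    for row in csv.DictReader(io.StringIO(text)):
        try:
            yield json.loads(row["AuditData"])
        except (KeyError, TypeError, json.JSONDecodeError):
            continue


def strip_port(ip_text):
    """Exchange records log '198.51.100.7:51023' or '[2001:db8::1]:443'; keep the host part."""
    if ip_text.startswith("["):
        return ip_text[1:].partition("]")[0]
    return ip_text.split(":")[0] if ip_text.count(":") == 1 else ip_text


def is_known_good(ip_text):
    try:
        ip = ipaddress.ip_address(strip_port(ip_text))
    except ValueError:
        return False
    return any(ip in net for net in KNOWN_GOOD_NETWORKS)


def triage(text):
    """Return findings as dicts {user, indicator, detail}, in the order they are met."""
    findings, login_ips = [], defaultdict(set)
    for rec in parse_ual_csv(text):
        op, user, ip = rec.get("Operation", ""), rec.get("UserId", ""), rec.get("ClientIP", "")
        params = {p.get("Name"): p.get("Value") for p in (rec.get("Parameters") or [])}
        if op in RULE_OPERATIONS:
            fwd = sorted(k for k in params if k in FORWARDING_PARAMS)
            hide = sorted(k for k in params if k in HIDING_PARAMS)
            if fwd or hide:  # a rule that exfiltrates or hides mail is the classic BEC foothold
                findings.append({"user": user, "indicator": "suspicious_inbox_rule",
                                 "detail": f"{op} from {strip_port(ip)} forward={fwd} hide={hide}"})
        elif op == "Add-MailboxPermission":
            findings.append({"user": user, "indicator": "mailbox_delegation",
                             "detail": f"{params.get('AccessRights')} on {params.get('Identity')} "
                                       f"granted to {params.get('User')}"})
        elif op == "UserLoggedIn" and rec.get("ResultStatus") == "Success":
            login_ips[user].add(strip_port(ip))
            if not is_known_good(ip):
                findings.append({"user": user, "indicator": "login_outside_known_networks",
                                 "detail": strip_port(ip)})
    for user, ips in login_ips.items():  # one account, several source addresses in the window
        if len(ips) > 1:
            findings.append({"user": user, "indicator": "multiple_login_sources",
                             "detail": ", ".join(sorted(ips))})
    return findings


def summarize(findings):
    """Map each user to the sorted list of indicator names raised against them."""
    out = defaultdict(set)
    for f in findings:
        out[f["user"]].add(f["indicator"])
    return {u: sorted(v) for u, v in out.items()}


if __name__ == "__main__":
    for f in triage(build_sample_export()):
        print(f"{f['user']:24} {f['indicator']:32} {f['detail']}")
```

Bob's `MoveToFolder` rule is raised as well, deliberately: in practice the analyst reviews every hit and discards benign rules, because a rule that moves mail to an obscure folder is indistinguishable from housekeeping until its name, target folder and creation source are compared against the rest of the timeline. The known-good network list and the "several source addresses per account" heuristic are placeholders for whatever the tenant's sign-in baseline actually is.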
Alternatives and complementary repositories for Business-Email-Compromise-Guide
- The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL) ☆257 Updated 2 years ago
- PowerShell module for Office 365 and Azure log collection ☆249 Updated this week
- Repository of SentinelOne Deep Visibility queries. ☆119 Updated 3 years ago
- A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes. ☆481 Updated last week
- A collection of Splunk's Search Processing Language (SPL) for Threat Hunting with CrowdStrike Falcon ☆193 Updated 4 years ago
- Repository of attack and defensive information for Business Email Compromise investigations ☆230 Updated 2 months ago
- Notes on responding to security breaches relating to Azure AD ☆96 Updated 2 years ago
- Scripts for rapid Windows endpoint "tactical triage" and investigations with Velociraptor and KAPE ☆105 Updated 2 weeks ago
- Real-time Response scripts and schema ☆104 Updated 11 months ago
- Advanced Hunting Queries for Microsoft Security Products ☆106 Updated last year
- The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Produc… ☆421 Updated last year
- Repository with Sample KQL Query examples for Threat Hunting ☆202 Updated 2 years ago
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID ☆340 Updated this week
- Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment. ☆465 Updated 8 months ago
- A guide to using Azure Data Explorer and KQL for DFIR ☆96 Updated 2 years ago
- MITRE ATT&CK mapped queries for SentinelOne Deep Visibility ☆86 Updated 3 years ago
- SentinelOne STAR Rules ☆50 Updated last year
- Tools for simulating threats ☆177 Updated last year
- Public script from SANS FOR509 Enterprise Cloud Incident Response ☆179 Updated 2 months ago
- PowerShell module for VMware vSphere forensics ☆140 Updated last week
- Microsoft Threat Protection Advanced Hunting Cheat Sheet ☆78 Updated 4 years ago
- OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat a… ☆185 Updated last week
- KQL queries for Advanced Hunting ☆166 Updated 4 years ago
- Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper. ☆109 Updated 11 months ago
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging Kusto queries, PowerShell scripts, tools such as … ☆356 Updated 2 months ago
- Sysmon configuration file template with default high-quality event tracing ☆454 Updated 9 months ago
- MISP to Sentinel integration ☆59 Updated this week