PwC-IR / MIA-MailItemsAccessed-
Tool to extract Sessions, MessageID(s) and find the emails belonging to MessageID(s). This script utilizes the MailItemsAccessed features from the Office 365 Audit Log.
☆41 · Oct 20, 2020 · Updated 5 years ago
Alternatives and similar repositories for MIA-MailItemsAccessed-
Users that are interested in MIA-MailItemsAccessed- are comparing it to the libraries listed below
- The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL) ☆266 · Feb 3, 2022 · Updated 4 years ago
- The Business Email Compromise Guide sets out to describe 10 steps for performing a Business Email Compromise (BEC) investigation in an Of… ☆277 · Feb 2, 2021 · Updated 5 years ago
- Carve $MFT records from a chunk of data (for instance a memory dump) ☆16 · Aug 21, 2016 · Updated 9 years ago
- MasterParser is a simple, all-in-one, digital forensics artifact parser ☆24 · Jul 9, 2021 · Updated 4 years ago
- Office365 Log Analysis Framework ☆81 · Jun 6, 2019 · Updated 6 years ago
- Automatically spider the result set of a Censys/Shodan search and download all files where the file name or folder path matches a regex. ☆28 · Apr 22, 2023 · Updated 2 years ago
- A web scraper to create MISP events and reports ☆17 · Jun 30, 2025 · Updated 7 months ago
- Script to pull newly-registered domains and check for similarity against a provided word list. ☆13 · Aug 2, 2020 · Updated 5 years ago
- USB HID driver emulation with PID/VID (0x3bca/0x27bb) of Plenom A/S Busylight Alpha, that is supported by Mimikatz. When mimikatz is exec… ☆21 · Sep 6, 2022 · Updated 3 years ago
- MalwareAnalysis ☆12 · Dec 19, 2020 · Updated 5 years ago
- Parser for Sdba memory pool tags ☆21 · Jul 16, 2021 · Updated 4 years ago
- Parser for Windows Scheduled Task files. ☆13 · Apr 26, 2023 · Updated 2 years ago
- Forensic cheatsheets for use with cheat ☆15 · Dec 2, 2021 · Updated 4 years ago
- PowerShell-based tool for gathering information related to O365 intrusions and potential breaches ☆922 · Mar 7, 2025 · Updated 11 months ago
- ☆15 · Aug 29, 2025 · Updated 5 months ago
- A MITRE ATT&CK Lookup Tool ☆46 · Apr 25, 2024 · Updated last year
- Repo that holds write-ups of various research projects I did and/or overall InfoSec things I investigated/researched. ☆21 · Jan 5, 2025 · Updated last year
- ☆21 · Apr 19, 2024 · Updated last year
- Defender for Endpoint ☆18 · Mar 11, 2024 · Updated last year
- Dissect triage scripts for Citrix NetScaler devices ☆69 · Nov 17, 2025 · Updated 2 months ago
- Another MISP module for Python ☆18 · Feb 17, 2020 · Updated 5 years ago
- A series of python scripts to extract information from SQLite Data Files ☆21 · Nov 15, 2025 · Updated 3 months ago
- ☆19 · Sep 18, 2023 · Updated 2 years ago
- A collection of scripts to facilitate management of Microsoft Defender XDR products + Sentinel. ☆31 · Nov 11, 2025 · Updated 3 months ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems ☆78 · Jan 9, 2024 · Updated 2 years ago
- Documentation used for Shuffle ☆21 · Updated this week
- ☆21 · Feb 10, 2021 · Updated 5 years ago
- ☆19 · Apr 16, 2021 · Updated 4 years ago
- Creating a Feed of MISP Events from ThreatFox (by abuse.ch) ☆19 · Jun 2, 2021 · Updated 4 years ago
- A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab. ☆22 · Apr 16, 2021 · Updated 4 years ago
- Best prompt usecase for Top App/Website Builder ☆25 · Aug 30, 2025 · Updated 5 months ago
- SigmaHQ pySigma CrowdStrike processing pipeline ☆27 · Nov 30, 2025 · Updated 2 months ago
- The home of the BriMor Labs rdpieces Perl script that tries to rebuild parsed RDP Bitmap Cache images ☆89 · Aug 29, 2023 · Updated 2 years ago
- ☆24 · Mar 12, 2025 · Updated 11 months ago
- Flubot DGA domains ☆19 · Dec 1, 2021 · Updated 4 years ago
- Workflows for Shuffle ☆24 · Oct 26, 2022 · Updated 3 years ago
- ☆23 · Jun 1, 2023 · Updated 2 years ago
- Intune configuration files for MacOS Sonoma hardening ☆31 · Dec 6, 2023 · Updated 2 years ago
- Carbon Black Response IR tool ☆55 · Dec 10, 2020 · Updated 5 years ago