invictus-ir / IOCs
Invictus Threat Intelligence: IOCs and TTPs from blogs, research and more
☆30 · Nov 26, 2025 · Updated 2 months ago
Alternatives and similar repositories for IOCs
Users that are interested in IOCs are comparing it to the libraries listed below
- Assess certain AWS network configurations ☆12 · Aug 22, 2018 · Updated 7 years ago
- NTFS Security Descriptor Stream ($Secure:$SDS) parser ☆14 · Jan 9, 2023 · Updated 3 years ago
- Indicators of Normality ☆11 · Jul 22, 2022 · Updated 3 years ago
- ☆31 · Updated this week
- Repository with supporting materials for Invictus Academy/Training ☆44 · Jan 3, 2025 · Updated last year
- Performing secure code review with LLMs (and vibe coding IDEs) ☆36 · Aug 5, 2025 · Updated 6 months ago
- A public collection of detections designed to detect threats associated with the Okta WIC Platform. ☆13 · Jan 5, 2026 · Updated last month
- ☆21 · May 8, 2022 · Updated 3 years ago
- Cleo Unrestricted file upload and download PoC (CVE-2024-50623) ☆25 · Dec 11, 2024 · Updated last year
- A tool for fetching DFIR and other GitHub tools. ☆25 · Aug 2, 2025 · Updated 6 months ago
- A recon tool for GCP Service Account Keys that requires no permissions ☆25 · Apr 14, 2025 · Updated 10 months ago
- Quick ESXi Log Parser ☆28 · Oct 20, 2025 · Updated 3 months ago
- MAES: M365 Analyzer & Extractor Suite Po ☆33 · Updated this week
- TIM is a Kusto investigation platform that enables a user to quickly pivot between data sources; annotate their findings; and promotes co… ☆23 · Aug 7, 2024 · Updated last year
- Sample evtx files to use for testing hayabusa detection rules ☆64 · Nov 5, 2025 · Updated 3 months ago
- ☆102 · Dec 9, 2025 · Updated 2 months ago
- lnk_parser is a full Rust implementation to parse Windows LNK files ☆22 · Jul 12, 2025 · Updated 7 months ago
- A public repository of MITRE ATT&CK TTP mappings by BushidoUK for OSINT reports that lack a section breaking down the TTPs. ☆27 · Mar 20, 2025 · Updated 10 months ago
- Python library to query various sources of threat intelligence for data on domains, file hashes, and IP addresses. ☆31 · Nov 6, 2023 · Updated 2 years ago
- Browse Windows Prefetch versions: 17,23,26,30v1/2,31 & some of SuperFetch .7db/.db's ☆64 · Dec 18, 2024 · Updated last year
- ☆72 · Oct 24, 2025 · Updated 3 months ago
- A collection of methods to learn who the owner of an IP address is. ☆224 · Sep 29, 2025 · Updated 4 months ago
- Cloudformation Template and Lambda to detect if Instance Profile credentials are being used outside your AWS Account. ☆29 · Aug 18, 2019 · Updated 6 years ago
- Open-source best practices for protecting a secure, sensible cloud platform ☆129 · Oct 25, 2024 · Updated last year
- A tool for AWS incident response, that allows for enumeration, acquisition and analysis of data from AWS environments for the purpose of … ☆198 · Jan 6, 2026 · Updated last month
- Hands-on MCP security lab: 10 real incidents reproduced with vulnerable/secure MCP servers, pytest regressions, and Claude/Cursor battle-… ☆81 · Dec 3, 2025 · Updated 2 months ago
- ☆33 · Feb 26, 2022 · Updated 3 years ago
- ☆30 · Jan 13, 2026 · Updated last month
- Finding ClickFix and FakeCAPTCHA like it's 1999 ☆121 · Updated this week
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. ☆80 · Jan 6, 2026 · Updated last month
- When good OAuth apps go rogue. Documents observed OAuth application tradecraft ☆84 · Jan 30, 2026 · Updated 2 weeks ago
- This tool parses Windows EVTX logs to extract login and logout sessions from a security.evtx file. It uses a Tkinter GUI to let you selec… ☆31 · Feb 22, 2025 · Updated 11 months ago
- Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs. ☆167 · Dec 7, 2025 · Updated 2 months ago
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), gene… ☆103 · Jan 13, 2026 · Updated last month
- HashiCorp-relevant rules for the Semgrep code analysis tool ☆41 · Oct 3, 2023 · Updated 2 years ago
- Extract compressed memory pages from page-aligned data ☆47 · Sep 25, 2018 · Updated 7 years ago
- ☆41 · Nov 29, 2024 · Updated last year
- This repository contains a comprehensive set of Conditional Access (CA) policies and PowerShell management tools for Microsoft Entra ID (… ☆102 · Mar 11, 2025 · Updated 11 months ago
- This Terraform module consists of the configuration for automating the remediation of AWS EC2 vulnerabilities using AWS Inspector finding… ☆49 · Jul 4, 2025 · Updated 7 months ago