invictus-ir / Sigma-AWS
This repository contains the components and findings of our research into using Sigma rules for AWS incident response.
☆31; Jul 12, 2023; updated 2 years ago
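To make the idea concrete, the following is an added example, not code from invictus-ir/Sigma-AWS or from any of the repositories listed further down. It writes one rule in the structure a Sigma rule for the aws/cloudtrail logsource takes and evaluates it over constructed CloudTrail records with the matching semantics a Sigma backend applies: fields inside a selection are ANDed, a list of values is ORed, string comparison is case-insensitive, and a `|contains` modifier refines the comparison. The rule title, the role name `TerraformDeployRole` used in the filter, the account ID and every record are assumptions made up for the example.

```python
"""Minimal Sigma-style matcher for AWS CloudTrail records (added example).

Only the condition subset "<sel> [and [not] <sel>]..." is implemented; a real
backend (sigma-cli / pySigma) compiles the full condition grammar into the
target query language instead of evaluating records one by one.
"""
import json
from typing import Any, Dict, List

# Illustrative rule in Sigma's structure (not a rule from Sigma-AWS). It flags
# tampering with CloudTrail itself, except when the actor ARN contains an
# assumed, hypothetical automation role name ("TerraformDeployRole").
RULE: Dict[str, Any] = {
    "title": "CloudTrail Trail Stopped, Deleted or Modified",
    "logsource": {"product": "aws", "service": "cloudtrail"},
    "detection": {
        "selection": {
            "eventSource": "cloudtrail.amazonaws.com",
            "eventName": ["StopLogging", "DeleteTrail", "UpdateTrail"],
        },
        "filter_automation": {
            "userIdentity.arn|contains": "TerraformDeployRole",
        },
        "condition": "selection and not filter_automation",
    },
    "level": "high",
}


def get_field(record: Dict[str, Any], path: str) -> Any:
    """Resolve a dotted Sigma field name ('userIdentity.arn') inside a record."""
    cur: Any = record
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def value_matches(actual: Any, expected: Any, modifier: str) -> bool:
    """Compare one field value; Sigma string matching is case-insensitive."""
    if actual is None:
        return False
    a, e = str(actual).lower(), str(expected).lower()
    if modifier == "contains":
        return e in a
    if modifier == "startswith":
        return a.startswith(e)
    if modifier == "endswith":
        return a.endswith(e)
    return a == e


def selection_matches(record: Dict[str, Any], selection: Dict[str, Any]) -> bool:
    """Every field in a selection map must match (AND); a value list is OR."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        values = expected if isinstance(expected, list) else [expected]
        if not any(value_matches(get_field(record, field), v, modifier) for v in values):
            return False
    return True


def condition_holds(record: Dict[str, Any], detection: Dict[str, Any]) -> bool:
    """Evaluate 'sel1 and not sel2 ...' against the named selections."""
    for term in detection["condition"].split(" and "):
        term = term.strip()
        negate = term.startswith("not ")
        name = term[4:].strip() if negate else term
        if selection_matches(record, detection[name]) == negate:
            return False
    return True


def run_rule(rule: Dict[str, Any], records: List[Dict[str, Any]]) -> List[str]:
    """Return the eventIDs of the records the rule fires on."""
    return [r["eventID"] for r in records if condition_holds(r, rule["detection"])]


# Constructed CloudTrail log file (not real data). A CloudTrail file is a JSON
# object {"Records": [...]} with one record per API call; only the fields the
# rule needs are included here.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventID": "evt-1", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventID": "evt-2", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "UpdateTrail",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/TerraformDeployRole/ci"}},
    {"eventID": "evt-3", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "DescribeTrails",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventID": "evt-4", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/alice"}},
]})


def matches_for_sample() -> List[str]:
    """Run RULE over the constructed log; only evt-1 should fire."""
    return run_rule(RULE, json.loads(SAMPLE_LOG)["Records"])


if __name__ == "__main__":
    print(matches_for_sample())
```

evt-2 is suppressed by the `filter_automation` selection even though it is an `UpdateTrail`, which is exactly the kind of allow-list that needs care in incident response: an attacker who can assume the automation role inherits the exemption, so a rule like this should be paired with detections on who assumes that role.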
Alternatives and similar repositories for Sigma-AWS
Users interested in Sigma-AWS also compare it to the repositories listed below.
- A dataset with CloudTrail events from an attack simulation using Stratus. (☆24; Jul 12, 2023; updated 2 years ago)
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom. (☆12; Aug 26, 2024; updated last year)
- Assists analysts and threat hunters in understanding Windows authentication logs and analyzing brute-force scenarios. (☆20; Jul 1, 2023; updated 2 years ago)
- HoneyZure is a honeypot tool specifically designed for Azure environments, fully provisioned through Terraform. It leverages a Log Analyt… (☆17; Jun 11, 2024; updated last year)
- A dataset containing Office 365 Unified Audit Logs for security research and detection (☆60; Jun 7, 2022; updated 3 years ago)
- A bunch of honey-related items that spoof/decoy PowerSploit functions. (☆18; Apr 23, 2020; updated 5 years ago)
- This repository contains sample log data collected after running adversary simulations in Microsoft 365 (☆23; Oct 9, 2024; updated last year)
- A tool for AWS incident response that allows for enumeration, acquisition and analysis of data from AWS environments for the purpose of … (☆198; Jan 6, 2026; updated last month)
- Workflows for Shuffle (☆24; Oct 26, 2022; updated 3 years ago)
- Crack and check hash types in bulk (☆13; Jul 28, 2021; updated 4 years ago)
- Remote Desktop Protocol .NET console application for authenticated command execution (☆12; Jan 21, 2020; updated 6 years ago)
- Active Response plugin: osquery extension to execute Wazuh/OSSEC active response plugins. You can write your own plugins; easy to plug in. (☆11; Jun 20, 2020; updated 5 years ago)
- osquery input plugin (☆10; Oct 23, 2018; updated 7 years ago)
- Helper script for BloodHound to automatically add relationships between multiple accounts owned by the same individual (☆14; Jul 13, 2022; updated 3 years ago)
- Purple Team Security (☆76; Mar 24, 2022; updated 3 years ago)
- Proof of Value Terraform scripts to utilize Amazon Web Services (AWS) Security, Identity & Compliance Services to support your AWS accoun… (☆16; Apr 26, 2020; updated 5 years ago)
- /ˈhäjˌpäj/ "a confused mixture." (☆13; updated this week)
- Example of a serverless web reconnaissance workflow's AWS architecture. (☆11; Feb 25, 2023; updated 2 years ago)
- Swift code to parse the quarantine history database, Chrome history database, Safari history database, and Firefox history database on ma… (☆15; Dec 3, 2020; updated 5 years ago)
- Small utility script to notify via Slack about Hashcat's progress during a password cracking session (☆10; Mar 10, 2019; updated 6 years ago)
- Public script from SANS FOR509 Enterprise Cloud Incident Response (☆219; Oct 26, 2025; updated 3 months ago)
- An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and secur… (☆172; updated this week)
- ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l… (☆173; Jan 30, 2026; updated 2 weeks ago)
- NTFSx is a tool for extracting files from an NTFS filesystem that are otherwise inaccessible. (☆14; Jul 26, 2013; updated 12 years ago)
- Quick & dirty DFIR scripts developed by the Ebryx DFIR team to keep handy during field assignments (☆14; Jan 7, 2026; updated last month)
- PoC for extracting office files into PDF file metadata (☆11; Sep 11, 2019; updated 6 years ago)
- A web scraper to create MISP events and reports (☆17; Jun 30, 2025; updated 7 months ago)
- A PowerShell script to prevent Sysmon from writing its events (☆16; Apr 23, 2020; updated 5 years ago)
- Pythonize Intruder Payload (☆13; Dec 15, 2020; updated 5 years ago)
- DNS dashboard for hunting and identifying beaconing (☆16; Jul 29, 2020; updated 5 years ago)
- PhishLog is a penetration testing and red teaming tool that automates the setup of a live keylogger that could be used with phishing camp… (☆30; Apr 22, 2019; updated 6 years ago)
- Simulates a compromise in a cloud and container environment (☆33; Dec 18, 2024; updated last year)
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example. (☆36; Jul 11, 2023; updated 2 years ago)
- unix_collector is a live response collection script for incident response on UNIX-like systems using native binaries. Supports AIX, Andro… (☆41; Jun 10, 2025; updated 8 months ago)