A public collection of detections designed to detect threats associated with the Okta WIC Platform.
☆13Jan 5, 2026Updated last month
Alternatives and similar repositories for customer-detections
Users that are interested in customer-detections are comparing it to the libraries listed below
Sorting:
- An index of publicly available and open-source threat detection rulesets.☆130Apr 17, 2025Updated 10 months ago
- Invictus Threat Intelligence: IOCs and TTPs from blogs, research and more☆30Nov 26, 2025Updated 3 months ago
- When good OAuth apps go rogue. Documents observed OAuth application tradecraft☆84Jan 30, 2026Updated last month
- This repository contains the research and components of our research into using Sigma for AWS Incident Response.☆31Jul 12, 2023Updated 2 years ago
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations☆101Aug 15, 2025Updated 6 months ago
- The purpose of this repository is to share KQL queries to help identify security misconfigurations, hunt for specific patterns, or detect…☆76Feb 10, 2026Updated 2 weeks ago
- Create tar/zip archives that try to exploit zipslip vulnerability.☆48Sep 20, 2024Updated last year
- JamfHound is a python3 project designed to collect and identify attack paths in Jamf Pro tenants based on existing object permissions by …☆121Sep 2, 2025Updated 5 months ago
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.☆12Aug 26, 2024Updated last year
- Playbook-NG is a stateless web-based application used to match incident findings with countermeasures for adversary containment and evict…☆155Dec 5, 2025Updated 2 months ago
- ☆14Jan 8, 2026Updated last month
- Hijack a slack bot to phish your way in☆57Jul 17, 2025Updated 7 months ago
- Generate datasets of cloud audit logs for common attacks☆233Feb 13, 2026Updated 2 weeks ago
- Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.☆168Dec 7, 2025Updated 2 months ago
- Quick ESXi Log Parser☆29Oct 20, 2025Updated 4 months ago
- REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.☆51Sep 22, 2025Updated 5 months ago
- Google Maps for AWS IAM☆261Feb 21, 2026Updated last week
- Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eve…☆277Dec 20, 2025Updated 2 months ago
- 🖥️ Windows 🚀 A Windows tool for emergency privacy: instantly deletes sensitive data and active logins to protect my information during …☆54Jan 26, 2026Updated last month
- Anvilogic Forge☆114Sep 18, 2025Updated 5 months ago
- Automated Cloud Misconfiguration Testing☆22Jun 20, 2025Updated 8 months ago
- A repository of my own Sigma detection rules.☆163Nov 25, 2025Updated 3 months ago
- A preconfigured Velociraptor triage collector☆76Feb 16, 2026Updated last week
- PurpleLab is an efficient and readily deployable lab solution, providing a swift setup for cybersecurity professionals to test detection…☆725Feb 14, 2026Updated 2 weeks ago
- TrailAlerts is a AWS-native, serverless cloud-detection tool that lets you define simple rules as code and get rich alerts about events i…☆51Nov 9, 2025Updated 3 months ago
- Collection of example YARA-L rules for use within Google Security Operations☆473Dec 5, 2025Updated 2 months ago
- MCP Server that integrates with Security Copilot, Sentinel and other tools (in the future). It enhance the process of developing , testin…☆20Oct 8, 2025Updated 4 months ago
- M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response ca…☆323Oct 12, 2025Updated 4 months ago
- An offensive toolkit for restless guests #DEFCON33☆53Aug 11, 2025Updated 6 months ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆89Feb 9, 2025Updated last year
- A community-driven repository for threat hunting ideas, methodologies, and research that serves as a central gathering place for hunters …☆302Feb 21, 2026Updated last week
- Aftermath is a free macOS IR framework☆569Sep 25, 2025Updated 5 months ago
- AutoPwnKey is a red teaming framework and testing tool using AutoHotKey (AHK), which at the time of creation proves to be quite evasive. …☆110Jul 21, 2025Updated 7 months ago
- ☆65May 21, 2024Updated last year
- Summaries, transcripts, key points, and other useful insights from fwd:cloudsec 2025 talks for those of us who don't have time to watch e…☆85Jul 4, 2025Updated 7 months ago
- A simple command line program to help defender test their detections for network beacon patterns and domain fronting☆70Feb 3, 2022Updated 4 years ago
- Windows Forensics Salt States☆21Feb 19, 2026Updated last week
- ☆18Feb 2, 2026Updated 3 weeks ago
- Conceptual Methods for Finding Commonalities in Macho Files☆12Mar 21, 2024Updated last year