tesorion / TCERT-Cumulonimbus-UAL_ExtractorView external linksLinks
Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a Microsoft 365 environment.
☆21Oct 25, 2023Updated 2 years ago
Alternatives and similar repositories for TCERT-Cumulonimbus-UAL_Extractor
Users that are interested in TCERT-Cumulonimbus-UAL_Extractor are comparing it to the libraries listed below
Sorting:
- Extract files off NTFS☆22Nov 1, 2014Updated 11 years ago
- Public script from SANS FOR509 Enterprise Cloud Incident Response☆219Oct 26, 2025Updated 3 months ago
- Serverless AWS application to upload and hash evidence files.☆23Oct 26, 2022Updated 3 years ago
- An advanced parser for INDX records☆29Aug 7, 2019Updated 6 years ago
- MasterParser is a simple, all-in-one, digital forensics artifact parser☆24Jul 9, 2021Updated 4 years ago
- Disk Image Mounting Script☆11Jan 22, 2026Updated 3 weeks ago
- Transform EQL detection rules to VQL artifacts☆12Nov 12, 2021Updated 4 years ago
- Old home of LimaCharlie, open source EDR☆32Sep 4, 2023Updated 2 years ago
- ☆30Nov 15, 2018Updated 7 years ago
- Scripts to integrate DFIR-IRIS, MISP and TimeSketch☆34Feb 2, 2022Updated 4 years ago
- Cyber Analytics Platform and Examination System (CAPES) Project Page☆14Feb 1, 2022Updated 4 years ago
- Creates an ATT&CK Navigator map of an Adversary Emulation Plan☆17Sep 4, 2021Updated 4 years ago
- Command line $MFT record decoder☆12May 20, 2017Updated 8 years ago
- Parses USB connection artifacts from offline Registry hives☆107Updated this week
- ☆17Sep 9, 2020Updated 5 years ago
- iOS Snapchat parser for chats and cached files☆21Aug 25, 2022Updated 3 years ago
- ☆14Oct 24, 2024Updated last year
- Scripts for MacOS related tasks.☆18Feb 16, 2020Updated 5 years ago
- Registry timestamp manipulation☆17Feb 26, 2014Updated 11 years ago
- Serving files with conditions, serverside keying and more.☆18May 26, 2022Updated 3 years ago
- Carve $MFT records from a chunk of data (for instance a memory dump)☆16Aug 21, 2016Updated 9 years ago
- Repository of attack and defensive information for Business Email Compromise investigations☆275May 10, 2025Updated 9 months ago
- Various tools, scripts, and techniques☆19May 13, 2020Updated 5 years ago
- ☆128May 5, 2025Updated 9 months ago
- Windows Event Log "Microsoft-Windows-Partition%4Diagnostic.evtx" parser and devices' VSNs extractor.☆20Nov 28, 2023Updated 2 years ago
- Mass Triage Tools☆20Dec 16, 2025Updated last month
- The Infosec Community Definitive Guide to Jupyter Notebooks☆131Oct 17, 2020Updated 5 years ago
- Synthetic Adversarial Log Objects: A Framework for synthentic log generation☆86Jan 11, 2024Updated 2 years ago
- Makes files super hidden on NTFS☆18Aug 14, 2014Updated 11 years ago
- Downgrade HTTP authentication on the network to capture clear-text credentials from clients☆19Nov 7, 2023Updated 2 years ago
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.☆310Sep 3, 2023Updated 2 years ago
- PyVelociraptor contains the python bindings for the Velociraptor API.☆21Updated this week
- Bloodhound Portable for Windows☆53Apr 1, 2023Updated 2 years ago
- A mirror of several precompiled standalone red-teaming tools.☆19Feb 2, 2023Updated 3 years ago
- Easy to extend initial access scenario to help with EDR testing on Linux and Mac☆26Mar 20, 2022Updated 3 years ago
- A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.☆765Jan 15, 2026Updated last month
- VelociraptorMCP is a Model Context Protocol bridge for exposing LLMs to MCP clients.☆68Aug 20, 2025Updated 5 months ago
- Workflows for Shuffle☆24Oct 26, 2022Updated 3 years ago
- Initial triage of Windows Event logs☆106Jun 16, 2024Updated last year