    Repositories list

    • A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
      PowerShell
      10068301 Updated Aug 21, 2025
    • IOCs (Public)
      Invictus Threat Intelligence: IOCs and TTPs from blogs, research and more
      01200 Updated Aug 19, 2025
    • A Kubernetes Forensic Collection Framework for Azure Kubernetes Service
      Python
      33400 Updated Aug 15, 2025
    • ALFA (Public)
      ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the audit logs using statistics and the MITRE ATT&CK Cloud Framework.
      Python
      2516400 Updated Mar 3, 2025
    • List of Microsoft Apps in Entra ID
      21010 Updated Jan 3, 2025
    • Repository with supporting materials for Invictus Academy/Training
      Shell
      54300 Updated Jan 3, 2025
    • 107300 Updated Oct 21, 2024
    • A tool for AWS incident response that allows for enumeration, acquisition and analysis of data from AWS environments for the purpose of incident response.
      Python
      1719201 Updated Oct 2, 2024
    • talks (Public)
      An overview of our talks at security conferences
      0800 Updated May 21, 2024
    • A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering.
      177601 Updated May 8, 2024
    • A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
      89600 Updated Dec 27, 2023
    • KQL queries for Incident Response
      81100 Updated Oct 31, 2023
    • A dataset with CloudTrail events from an attack simulation using Stratus.
      62300 Updated Jul 12, 2023
    • Sigma-AWS (Public)
      This repository contains the research and components of our research into using Sigma for AWS Incident Response.
      Python
      92901 Updated Jul 12, 2023
    • Cyber Security Trainings
      SCSS
      19200 Updated May 31, 2023
    • A mind map of email forwarding rule evidence in Microsoft 365
      0400 Updated Feb 20, 2023
    • Google Workspace Audit logs containing several attacks
      2800 Updated Aug 15, 2022
    • macOS (Public)
      Repository for macOS related security research
      1700 Updated Jun 7, 2022
    • Collection of resources related to Cobalt Strike investigations
      2900 Updated Jun 7, 2022
    • A dataset containing Office 365 Unified Audit Logs for security research and detection
      65210 Updated Jun 7, 2022
    • The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)
      PowerShell
      33200 Updated May 24, 2022