{"payload":{"pageCount":1,"repositories":[{"type":"Public","name":"Microsoft-Extractor-Suite","owner":"invictus-ir","isFork":false,"description":"A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.","allTopics":["microsoft","microsoft365"],"primaryLanguage":{"name":"PowerShell","color":"#012456"},"pullRequestCount":0,"issueCount":1,"starsCount":400,"forksCount":60,"license":"GNU General Public License v2.0","participation":[0,0,0,0,26,0,1,0,0,1,11,3,0,0,1,6,5,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,8,8,2,11,5,5,28,4,0,15,3,0,6,0,0,1,3,0,6,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-05-24T14:41:31.345Z"}},{"type":"Public","name":"talks","owner":"invictus-ir","isFork":false,"description":"An overview of our talks at security conferences","allTopics":[],"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":4,"forksCount":0,"license":null,"participation":[0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-05-21T11:42:30.648Z"}},{"type":"Public","name":"aws-cheatsheet","owner":"invictus-ir","isFork":false,"description":"A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. ","allTopics":[],"primaryLanguage":null,"pullRequestCount":1,"issueCount":0,"starsCount":55,"forksCount":11,"license":"MIT License","participation":[0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-05-08T09:44:13.160Z"}},{"type":"Public","name":"Invictus-AWS","owner":"invictus-ir","isFork":false,"description":"","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":0,"issueCount":0,"starsCount":166,"forksCount":15,"license":"MIT License","participation":[0,0,0,0,0,2,3,1,1,0,1,4,4,0,0,3,1,1,1,1,2,4,1,15,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-04-24T08:41:16.199Z"}},{"type":"Public","name":"ALFA","owner":"invictus-ir","isFork":false,"description":"ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the audit logs using statistics and the MITRE ATT&CK Cloud Framework","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":0,"issueCount":0,"starsCount":135,"forksCount":17,"license":"MIT License","participation":[0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-02-19T10:53:37.630Z"}},{"type":"Public","name":"KQL-threat-hunting-queries","owner":"invictus-ir","isFork":true,"description":"A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).","allTopics":[],"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":2,"forksCount":51,"license":"MIT License","participation":[11,0,0,5,0,3,5,0,0,0,14,0,0,2,7,0,3,6,0,6,0,3,0,3,0,3,0,3,6,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-12-27T14:24:41.222Z"}},{"type":"Public","name":"entra-apps","owner":"invictus-ir","isFork":false,"description":"List of Microsoft Apps in Entra ID","allTopics":[],"primaryLanguage":null,"pullRequestCount":1,"issueCount":0,"starsCount":5,"forksCount":2,"license":null,"participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-11-08T15:16:52.770Z"}},{"type":"Public","name":"kql_queries","owner":"invictus-ir","isFork":false,"description":"KQL queries for Incident Response","allTopics":[],"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":4,"forksCount":3,"license":null,"participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-10-31T11:03:48.931Z"}},{"type":"Public","name":"Invictus-training","owner":"invictus-ir","isFork":false,"description":"Repository with supporting materials for Invictus Academy/Training","allTopics":[],"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":21,"forksCount":3,"license":null,"participation":[0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-10-18T06:46:59.088Z"}},{"type":"Public","name":"aws_dataset","owner":"invictus-ir","isFork":false,"description":"A dataset with CloudTrail events from an attack simulation using Stratus. ","allTopics":[],"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":11,"forksCount":2,"license":"MIT License","participation":[0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-07-12T12:17:05.730Z"}},{"type":"Public","name":"Sigma-AWS","owner":"invictus-ir","isFork":false,"description":"This repository contains the research and components of our research into using Sigma for AWS Incident Response. ","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":0,"issueCount":0,"starsCount":18,"forksCount":4,"license":"MIT License","participation":[0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-07-12T12:16:45.574Z"}},{"type":"Public","name":"cyber-security-hub.github.io","owner":"invictus-ir","isFork":true,"description":"Cyber Security Trainings","allTopics":[],"primaryLanguage":{"name":"SCSS","color":"#c6538c"},"pullRequestCount":0,"issueCount":0,"starsCount":1,"forksCount":19,"license":"GNU General Public License v3.0","participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-05-31T08:20:12.874Z"}},{"type":"Public","name":"Blue-team-app-Office-365-and-Azure","owner":"invictus-ir","isFork":false,"description":"","allTopics":[],"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":65,"forksCount":10,"license":null,"participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-02-23T12:48:46.749Z"}},{"type":"Public","name":"Email-Forwarding-Rules","owner":"invictus-ir","isFork":false,"description":"A mind map of email forwarding rule evidence in Microsoft 365","allTopics":[],"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":1,"forksCount":0,"license":null,"participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-02-20T13:43:47.768Z"}},{"type":"Public","name":"gws_dataset","owner":"invictus-ir","isFork":false,"description":"Google Workspace Audit logs containing several attacks","allTopics":[],"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":5,"forksCount":0,"license":"MIT License","participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-08-15T22:29:01.990Z"}},{"type":"Public","name":"macOS","owner":"invictus-ir","isFork":false,"description":"Repository for macOS related security research","allTopics":[],"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":7,"forksCount":3,"license":null,"participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-06-07T12:40:14.912Z"}},{"type":"Public","name":"cobaltstrike","owner":"invictus-ir","isFork":false,"description":"Collection of resources related to Cobalt Strike investigations","allTopics":[],"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":9,"forksCount":2,"license":null,"participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-06-07T12:39:54.340Z"}},{"type":"Public","name":"o365_dataset","owner":"invictus-ir","isFork":false,"description":"A dataset containing Office 365 Unified Audit Logs for security research and detection ","allTopics":[],"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":39,"forksCount":5,"license":null,"participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-06-07T12:39:36.811Z"}},{"type":"Public","name":"Office-365-Extractor","owner":"invictus-ir","isFork":true,"description":"The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)","allTopics":[],"primaryLanguage":{"name":"PowerShell","color":"#012456"},"pullRequestCount":0,"issueCount":0,"starsCount":1,"forksCount":34,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-05-24T10:08:36.610Z"}}],"repositoryCount":19,"userInfo":null,"searchable":true,"definitions":[],"typeFilters":[{"id":"all","text":"All"},{"id":"public","text":"Public"},{"id":"source","text":"Sources"},{"id":"fork","text":"Forks"},{"id":"archived","text":"Archived"},{"id":"template","text":"Templates"}],"compactMode":false},"title":"Repositories"}