DFIR-O365RC – PowerShell Module For Office 365 And Azure AD Log Collection

PowerShell module for Office 365 and Azure AD log collection Module description The DFIR-O365RC PowerShell module is a set of functions that allow the DFIR analyst to collect logs relevant for Office 365 Business Email Compromise investigations. The logs are generated in JSON format and retrieved from two main data sources: Office 365 Unified AuditRead More

AzureC2Relay – An Azure Function That Validates And Relays Cobalt Strike Beacon Traffic By Verifying The Incoming Requests Based On A Cobalt Strike Malleable C2 Profile

AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile. Any incoming requests that do not share the profiles user-agent, URI paths, headers, and query parameters, will be redirected to a configurable decoy website. The validated C2 traffic isRead More

PowerZure – PowerShell Framework To Assess Azure Security

For a list of functions, their usage, and more, check out https://powerzure.readthedocs.io What is PowerZure? PowerZure is a PowerShell project created to assess and exploit resources within Microsoft’s cloud platform, Azure. PowerZure was created out of the need for a framework that can both perform reconnaissance and exploitation of Azure, AzureAD, and the associated resources.Read More

Adaz – Automatically Deploy Customizable Active Directory Labs In Azure

This project allows you to easily spin up Active Directory labs in Azure with domain-joined workstations, Windows Event Forwarding, Kibana, and Sysmon using Terraform/Ansible. It exposes a high-level configuration file for your domain to allow you to customize users, groups and workstations. dns_name: hunter.labdc_name: DC-1initial_domain_admin: username: hunter password: MyAdDomain!organizational_units: {}users:- username: christophe- username: danygroups:- dn:Read More

SkyArk – Helps To Discover, Assess And Secure The Most Privileged Entities In Azure And AWS

SkyArk is a cloud security project with two main scanning modules: AzureStealth – Scans Azure environments AWStealth – Scan AWS environments These two scanning modules will discover the most privileged entities in the target AWS and Azure. The Main Goal – Discover The Most Privileged Cloud UsersSkyArk currently focuses on mitigating the new threat ofRead More

Serverless Prey – Serverless Functions For Establishing Reverse Shells To Lambda, Azure Functions, And Google Cloud Functions

Serverless Prey is a collection of serverless functions (FaaS), that, once launched to a cloud environment and invoked, establish a TCP reverse shell, enabling the user to introspect the underlying container: Panther: AWS Lambda written in Node.js Cougar: Azure Function written in C# Cheetah: Google Cloud Function written in Go This repository also contains researchRead More

X