cryptwareapps/Malware-Database - A large repository of malware samples with 2500+ malware samples & source codes for a variety of platforms by Cryptware Apps.
vxunderground/MalwareSourceCode - Collection of malware source code for a variety of platforms in an array of different programming languages.
Sh0ckFR/InlineWhispers2 - Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
op7ic/EDR-Testing-Script - Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads
N7WEra/SharpAllTheThings - The idea is to collect all the C# projects that are Sharp{Word} that can be used in Cobalt Strike as execute assembly command.
iovisor/bcc - BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
akamai/akamai-security-research - This repository includes code and IoCs that are the product of research done in Akamai's various security research teams.
cilium/tetragon - eBPF-based Security Observability and Runtime Enforcement
seahop/NtDllPipeRead - Opens 2 named pipes and uses cmd.exe to read in the contents of ntdll.dll between pipes. Tweaked the code from x86matthew's site https://www.x86matthew.com and fixed up a little to work in C.
microsoft/Windows-driver-samples - This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples.
thefLink/DeepSleep - A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
boku7/azureOutlookC2 - Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Micro
NUL0x4C/KnownDllUnhook - Replace the .txt section of the currently loaded modules from \KnownDlls\ to bypass EDRs
TheWover/donut - Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
Yaxser/Backstab - A tool to kill antimalware protected processes
winsiderss/systeminformer - A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.co
outflanknl/C2-Tool-Collection - A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
dzzie/SCDBG - note: current build is VS_LIBEMU project. This cross platform gcc build is for Linux users but is no longer updated. modification of the libemu sctest project to add basic debugger capabilities and mo
ScarredMonk/SysmonSimulator - Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules by Blue teams.
Spacial/awesome-csirt - Awesome CSIRT is a curated list of links and resources in security and CSIRT daily activities.
bats3c/shad0w - A post exploitation framework designed to operate covertly on heavily monitored environments
AFLplusplus/AFLplusplus - The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
yarrick/iodine - Official git repo for iodine dns tunnel
ufrisk/pcileech - Direct Memory Access (DMA) Attack Software
gentilkiwi/kekeo - A little toolbox to play with Microsoft Kerberos in C
a0rtega/pafish - Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
Dec0ne/ShadowSpray - A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.
daem0nc0re/TangledWinExec - PoCs and tools for investigation of Windows process execution techniques
kagurazakasanae/Mhyprot2DrvControl - A lib that allows using mhyprot2 driver for enum process modules, r/w process memory and kill process.
CCob/SharpBlock - A method of bypassing EDRs' active projection DLLs by preventing entry point execution
med0x2e/GadgetToJScript - A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.
plackyhacker/Shellcode-Injection-Techniques - A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload. I will be building this project up as I learn, discover or develop more techniques. Some tec
TheWover/DInvoke - Dynamically invoke arbitrary unmanaged code from managed code without PInvoke.
cyberark/RPCMon - RPC Monitor tool based on Event Tracing for Windows
eladshamir/BadWindowsService - An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities
Flangvik/TeamFiltration - TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts
PwnDexter/SharpEDRChecker - Checks running processes, process metadata, DLLs loaded into your current process and each DLL's metadata, common install directories, installed services and each service binary's metadata, install
Flangvik/SharpExfiltrate - Modular C# framework to exfiltrate loot over secure and trusted channels.
mgeeky/Stracciatella - OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup
mgeeky/SharpWebServer - Red Team oriented C# Simple HTTP & WebDAV Server with Net-NTLM hashes capture functionality
bats3c/ADCSPwn - A tool to escalate privileges in an Active Directory network by coercing authentication from machine accounts and relaying it to the certificate service.
Dec0ne/KrbRelayUp - KrbRelayUp - a universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default setting).
Mr-Un1k0d3r/ADHuntTool - official repo for the AdHuntTool (part of the old RedTeamCSharpScripts repo)
dev-2null/ADCollector - A lightweight tool to quickly extract valuable information from the Active Directory environment for both attacking and defending.
GhostPack/SharpUp - SharpUp is a C# port of various PowerUp functionality.
SnaffCon/Snaffler - a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
eladshamir/Whisker - Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.
GhostPack/SharpDPAPI - SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.
CCob/SweetPotato - Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
t3hbb/DefenderCheck - Identifies the bytes that Microsoft Defender flags on.
TheWover/CertStealer - A .NET tool for exporting and importing certificates without touching disk.
dnSpyEx/dnSpy - Unofficial revival of the well known .NET debugger and assembly editor, dnSpy
cobbr/SharpSploit - SharpSploit is a .NET post-exploitation library written in C#
GhostPack/Seatbelt - Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
vletoux/pingcastle - PingCastle - Get Active Directory Security at 80% in 20% of the time
mvelazc0/PurpleSharp - PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
pwntester/ysoserial.net - Deserialization payload generator for a variety of .NET formatters
icsharpcode/ILSpy - .NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!
Processus-Thief/UnhookingDLL - This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hollowing
PL-V/Firefox-Grabber - Grab Firefox post requests by hooking PR_Write function from nss3.dll module using trampoline hook to get passwords and emails of users
antonioCoco/JuicyPotatoNG - Another Windows Local Privilege Escalation from Service Account to System
hasherezade/pe-bear - Portable Executable reversing tool with a friendly GUI
dennisbabkin/InjectAll - Tutorial that demonstrates how to code a Windows driver to inject a custom DLL into all running processes. I coded it from start to finish using C++ and x86/x64 Assembly language in Microsoft Visual S
mgeeky/ShellcodeFluctuation - An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents
BSI-Bund/RdpCacheStitcher - RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
mgeeky/ThreadStackSpoofer - Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.
mpgn/BackupOperatorToDA - From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller
pwn1sher/KillDefender - A small POC to make defender useless by removing its token privileges and lowering the token integrity
GossiTheDog/HiveNightmare - Exploit allowing you to read registry hives as non-admin on Windows 10 and 11
jxy-s/herpaderping - Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
Sysinternals/ProcMon-for-Linux - Procmon is a Linux reimagining of the classic Procmon tool from the Sysinternals suite of tools for Windows. Procmon provides a convenient and efficient way for Linux developers to trace the syscall a
hasherezade/pe-sieve - Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
zeek/zeek - Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
osquery/osquery - SQL powered operating system instrumentation, monitoring, and analytics.
CSS
palantir/phishcatch - A browser extension and API server for detecting corporate password use on external websites
thewhiteh4t/seeker - Accurately Locate Smartphones using Social Engineering
cilium/hubble - Hubble - Network, Service & Security Observability for Kubernetes using eBPF
kubeshark/kubeshark - The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and cluste
lkarlslund/Adalanche - Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commercial versions available from NetSection)
optiv/Ivy - Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy's loader does this by utilizing programmatical access in the VBA object environment t
liamg/traitor - Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
moonD4rk/HackBrowserData - Decrypt passwords/cookies/history/bookmarks from the browser. A browser data export and decryption tool that runs on all platforms.
optiv/ScareCrow - ScareCrow - Payload creation framework designed around EDR bypass.
kgretzky/evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BlueTeamLabs/sentinel-attack - Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
HTML
strandjs/IntroLabs - These are the labs for my Intro class. Yes, this is public. Yes, this is intentional.
madhuakula/kubernetes-goat - Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground
AndrewRathbun/DFIRArtifactMuseum - The goal of this repo is to archive artifacts from all versions of various OS's and categorize them by type. This will help with artifact validation processes as well as increase access to artifacts
clong/DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
GTFOBins/GTFOBins.github.io - GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
TedGoas/Cerberus - A few simple, but solid patterns for responsive HTML email templates and newsletters. Even in Outlook and Gmail.
horsicq/Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
center-for-threat-informed-defense/attack-powered-suit - ATT&CK Powered Suit is a browser extension that puts the complete MITRE ATT&CK® knowledge base at your fingertips with text search, context menus, and ATT&CK Navigator integration.
eth0izzle/shhgit - Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.
Smile4ever/Neat-URL - Neat URL cleans URLs, removing parameters such as Google Analytics' utm parameters.
mrd0x/BITB - Browser In The Browser (BITB) Templates
seynur/DA-ESS-MitreContent - MITRE ATT&CK Framework compliance dashboard and correlation searches that work with Splunk Enterprise Security and ES Content Update
gchq/CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
h5bp/html5-boilerplate - A professional front-end template for building fast, robust, and adaptable web apps or sites.
Jinja
splunk/attack_range - A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
Jupyter Notebook
Azure/MDEASM-Solutions - Solutions developed by the MDEASM Customer Experience Engineering (CxE) Go-To Production (GTP) team for Azure MDEASM
Azure/Azure-Sentinel-Notebooks - Interactive Azure Sentinel Notebooks provides security insights and actions to investigate anomalies and hunt for malicious behaviors.
ageron/handson-ml3 - A series of Jupyter notebooks that walk you through the fundamentals of Machine Learning and Deep Learning in Python using Scikit-Learn, Keras and TensorFlow 2.
Cyb3r-Monk/Threat-Hunting-and-Detection - Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
Azure/Azure-Sentinel - Cloud-native SIEM for intelligent security analytics for your entire enterprise.
darkquasar/AIMOD2 - Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proactively identify, engage and prevent cyber threats denying or mi
t3l3machus/PowerShell-Obfuscation-Bible - A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion, compiled for educational purposes. The contents of this repository ar
CMEPW/BypassAV - This map lists the essential techniques to bypass anti-virus and EDR
mdecrevoisier/Splunk-input-windows-baseline - Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE Att&CK
wiz-sec-public/peach-framework - PEACH - a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, by managing the attack surface exposed by user interfaces.
SecurityRiskAdvisors/VECTR - VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
fox-it/dissect - Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part
Bert-JanP/Hunting-Queries-Detection-Rules - KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Ignitetechnologies/Credential-Dumping - This cheatsheet is aimed at the Red Teamers to help them understand the fundamentals of Credential Dumping (Sub Technique of Credential Access) with examples. There are multiple ways to perform the sa
fabacab/awesome-cybersecurity-blueteam - A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
N7WEra/BofAllTheThings - Creating a repository with all public Beacon Object Files (BoFs)
BC-SECURITY/Malleable-C2-Profiles - Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike & Empire.
gtworek/Priv2Admin - Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.
Cobalt-Strike/Malleable-C2-Profiles - Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt
mdecrevoisier/Microsoft-eventlog-mindmap - Set of Mindmaps providing a detailed overview of the different #Microsoft auditing capacities for Windows, Exchange, Azure,...
Flangvik/SharpCollection - Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
EricZimmerman/KapeFiles - This repository serves as a place for community created Targets and Modules for use with KAPE.
tanprathan/MobileApp-Pentest-Cheatsheet - The Mobile App Pentest cheat sheet was created to provide a concise collection of high-value information on specific mobile application penetration testing topics.
fuzzdb-project/fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
MISP/MISP - MISP (core software) - Open Source Threat Intelligence and Sharing Platform
danielmiessler/SecLists - SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensi
diversenok/TokenUniverse - An advanced tool for working with access tokens and Windows security policy.
0xsp-SRD/mortar - evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)
Perl
samyk/slipstream - NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim's NAT/firewall, just by anyone on the victim's network visiting a website
major/MySQLTuner-perl - MySQLTuner is a script written in Perl that will assist you with your MySQL configuration and make recommendations for increased performance and stability.
PowerShell
tsale/EDR-Telemetry - This project aims to compare and evaluate the telemetry of various EDR products.
d4rksystem/VMwareCloak - A PowerShell script that attempts to help malware analysts hide their VMware Windows VM's from malware that may be trying to evade analysis.
namazso/physmem_drivers - A collection of various vulnerable (mostly physical memory exposing) drivers.
vectra-ai-research/MAAD-AF - MAAD Attack Framework - An attack tool for simple, fast & effective security testing of M365 & Azure AD.
TrimarcJake/Locksmith - A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services
microsoft/mde-api-gui - Simple GUI for Microsoft Defender for Endpoint API machine actions in PowerShell.
dwmetz/QuickPcap - A quick and easy PowerShell script to collect a packet trace with option to convert .etl to .pcap.
gtworek/PSBits - Simple (relatively) things allowing you to dig a bit deeper than usual.
mattifestation/WDACTools - A PowerShell module to facilitate building, configuring, deploying, and auditing Windows Defender Application Control (WDAC) policies
silverhack/monkey365 - Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Azure Active Directory security configuration reviews.
last-byte/PersistenceSniper - PowerShell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Made with love by @last0x00 and @dottor_morte
mgeeky/ProtectMyTooling - Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts watermarking, IOCs collection & PE Backdooring. You feed it with
Johnng007/Live-Forensicator - PowerShell script to aid Incident Response and Live Forensics | Bash script for macOS Live Forensics and Incident Response
VirtualAlllocEx/Payload-Download-Cradles - These are different types of download cradles which should be an inspiration to play with and create new download cradles to bypass AV/EPP/EDR in the context of download cradle detections.
NetSPI/MicroBurst - A collection of scripts for assessing Microsoft Azure security
darkquasar/AzureHunter - A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
mgeeky/Penetration-Testing-Tools - A collection of more than 170 tools, scripts, cheatsheets and other loot that I've developed over the years for Red Teaming/Pentesting/IT Security audit purposes.
R3MRUM/PSDecode - PowerShell script for deobfuscating encoded PowerShell scripts
invictus-ir/Microsoft-Extractor-Suite - A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
AustralianCyberSecurityCentre/windows_event_logging - Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.
mamun-sec/dfirt - Collect information of Windows PC when doing incident response
nsacyber/Event-Forwarding-Guidance - Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber
blackhillsinfosec/EventLogging - Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.
Azure/Enterprise-Scale - The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organiza
GhostPack/PSPKIAudit - PowerShell toolkit for AD CS auditing based on the PSPKI toolkit.
Cloud-Architekt/AzureAD-Attack-Defense - This publication is a collection of various common attack scenarios on Azure Active Directory and how they can be mitigated or detected.
microsoft/New-KrbtgtKeys.ps1 - This script will enable you to reset the krbtgt account password and related keys while minimizing the likelihood of Kerberos authentication issues being caused by the operation.
lazywinadmin/PowerShell - PowerShell functions and scripts (Azure, Active Directory, SCCM, SCSM, Exchange, O365, ...)
jokezone/Update-Sysmon - This repository was created to aid in the deployment/maintenance of the Sysmon service on a large number of computers.
davidprowe/BadBlood - BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. A
NetSPI/PowerUpSQL - PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
EvotecIT/PSWinReporting - This PowerShell Module has multiple functionalities, but one of the signature features of this module is the ability to parse Security logs on Domain Controllers providing easy to use access to AD Eve
dafthack/MailSniper - MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can b
Azure-Samples/azure-search-openai-demo - A sample app for the Retrieval-Augmented Generation pattern running in Azure, using Azure Cognitive Search for retrieval and Azure OpenAI large language models to power ChatGPT-style and Q&A experien
infosecB/LOOBins - Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes.
dgtlmoon/changedetection.io - The best and simplest free open source website change detection, restock monitor and notification service. Restock Monitor, change detection. Designed for simplicity - Simply monitor which websites ha
FalconForceTeam/FalconForge - This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deploying a repository of use-cases for the Sentinel and Microsoft 365
wealthsimple/odef - This is a public template repository for the Open Detection Engineering Framework
cisagov/untitledgoosetool - Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer's Azure A
cyberark/KubiScan - A tool to scan Kubernetes cluster for risky permissions
mgreen27/DetectRaptor - A repository to share publicly available Velociraptor detection content
tothi/serviceDetector - Detect whether a service is installed (blindly) and/or running (if exposing named pipes) on a remote machine without using local admin privileges.
Neo23x0/yaraQA - YARA rule analyzer to improve rule quality and performance
mxrch/GHunt - Offensive Google framework.
trustedsec/orpheus - Bypassing Kerberoast Detections with Modified KDC Options and Encryption Types
t3l3machus/Villain - Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among conn
MWR-CyberSec/PXEThief - PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager
Oros42/IMSI-catcher - This program shows you the IMSI numbers of cellphones around you.
antonioCoco/SharPyShell - SharPyShell - tiny and obfuscated ASP.NET webshell for C# web applications
Ge0rg3/requests-ip-rotator - A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
xRET2pwn/Teamsniper - Teamsniper is a tool for fetching keywords in Microsoft Teams such as passwords, emails, database names, etc.
WazeHell/sam-the-admin - Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
splunk/melting-cobalt - A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object
mgeeky/PackMyPayload - A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats. Supports: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, VHDX
c3c/ADExplorerSnapshot.py - ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.
mgeeky/RedWarden - Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation
Azure/Stormspotter - Azure Red Team tool for graphing Azure and Azure Active Directory objects
janoglezcampos/DeathSleep - A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution.
t3l3machus/hoaxshell - A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.
p0dalirius/DumpSMBShare - A script to dump files and folders remotely from a Windows SMB share.
p0dalirius/windows-coerced-authentication-methods - A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.
p0dalirius/Coercer - A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
ly4k/Certipy - Tool for Active Directory Certificate Services enumeration and abuse
0xZDH/o365spray - Username enumeration and password spraying tool aimed at Microsoft O365.
carlospolop/hacktricks - Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
blacklanternsecurity/MANSPIDER - Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!
ihebski/DefaultCreds-cheat-sheet - One place for all the default credentials to assist Blue/Red teamers' activities in finding devices with default passwords
jklepsercyber/defender-detectionhistory-parser - A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.
p0dalirius/LDAPmonitor - Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
HashPals/Name-That-Hash - Don't know what type of hash it is? Name That Hash will name that hash type! Identify MD5, SHA256 and 300+ other hashes. Comes with a neat web app.
ly4k/PrintNightmare - Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527)
alertmanager/alert_manager - Splunk Alert Manager with advanced reporting on alerts, workflows (modify assignee, status, severity) and auto-resolve features
ricardojoserf/adfsbrute - A script to test credentials against Active Directory Federation Services (ADFS), allowing password spraying or bruteforce attacks.
alexandreborges/malwoverview - Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, Threa
Hackndo/lsassy - Extract credentials from lsass remotely
intelowlproject/IntelOwl - Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
byt3bl33d3r/SprayingToolkit - Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient
0x4D31/fatt - FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic
OWASP/CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
JonathanSalwan/ROPgadget - This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC, MIPS, RISC-V 64, and
OTRF/OSSEM - Open Source Security Events Metadata (OSSEM)
dirkjanm/PrivExchange - Exchange your privileges for Domain Admin privs by abusing Exchange
lgandx/Responder - Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication
FortyNorthSecurity/EyeWitness - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
google/grr - GRR Rapid Response: remote live forensics for incident response
salesforce/ja3 - JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
demisto/content - Demisto is now Cortex XSOAR. Automate and orchestrate your Security Operations with Cortex XSOAR's ever-growing Content Repository. Pull Requests are always welcome and highly appreciated!
OTRF/ThreatHunter-Playbook - A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
JPCERTCC/LogonTracer - Investigate malicious Windows logon by visualizing and analyzing Windows event log
mitmproxy/mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
fortra/impacket - Impacket is a collection of Python classes for working with network protocols.
trustedsec/social-engineer-toolkit - The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
fail2ban/fail2ban - Daemon to ban hosts that cause multiple authentication errors
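The salesforce/ja3 entry above describes JA3 as a shareable TLS client fingerprint. As an added illustration (not code from the JA3 project or from any repository listed here), the block below parses a TLS ClientHello and derives the fingerprint the way the JA3 specification defines it: the ClientHello version, cipher suites, extension types, supported groups and EC point formats as decimal values, dash-joined within a field and comma-joined across fields, with GREASE values dropped, then MD5-hashed. The ClientHello bytes are constructed inline by `build_sample_client_hello()` purely as test input; the layout is a valid TLS 1.2 ClientHello but the random is all zeros and several extensions carry empty bodies.

```python
import hashlib
import struct

# GREASE values (RFC 8701): 0x0a0a, 0x1a1a, ..., 0xfafa. JA3 excludes them so that
# browsers that randomise GREASE still produce a stable fingerprint.
GREASE = {0x0A0A + 0x1010 * i for i in range(16)}


def u16(v: int) -> bytes:
    return struct.pack(">H", v)


def parse_client_hello(record: bytes) -> dict:
    """Parse a TLS record holding a ClientHello and return the JA3-relevant fields."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:]                      # skip record header (type, version, length)
    if body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    pos = 0
    version = int.from_bytes(hello[pos:pos + 2], "big"); pos += 2
    pos += 32                              # client random
    pos += 1 + hello[pos]                  # session id
    cs_len = int.from_bytes(hello[pos:pos + 2], "big"); pos += 2
    ciphers = [int.from_bytes(hello[i:i + 2], "big") for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + hello[pos]                  # compression methods
    extensions, curves, formats = [], [], []
    if pos < len(hello):
        ext_len = int.from_bytes(hello[pos:pos + 2], "big"); pos += 2
        end = pos + ext_len
        while pos < end:
            etype = int.from_bytes(hello[pos:pos + 2], "big")
            elen = int.from_bytes(hello[pos + 2:pos + 4], "big")
            data = hello[pos + 4:pos + 4 + elen]
            extensions.append(etype)
            if etype == 10:                # supported_groups: u16 list length, then u16 ids
                n = int.from_bytes(data[0:2], "big")
                curves = [int.from_bytes(data[i:i + 2], "big") for i in range(2, 2 + n, 2)]
            elif etype == 11:              # ec_point_formats: u8 list length, then u8 ids
                formats = list(data[1:1 + data[0]])
            pos += 4 + elen
    return {"version": version, "ciphers": [c for c in ciphers if c not in GREASE],
            "extensions": [e for e in extensions if e not in GREASE],
            "curves": [c for c in curves if c not in GREASE], "formats": formats}


def ja3_string(f: dict) -> str:
    """JA3 text form: version,ciphers,extensions,curves,point-formats."""
    dash = lambda xs: "-".join(str(x) for x in xs)
    return ",".join([str(f["version"]), dash(f["ciphers"]), dash(f["extensions"]),
                     dash(f["curves"]), dash(f["formats"])])


def ja3_hash(f: dict) -> str:
    return hashlib.md5(ja3_string(f).encode()).hexdigest()


def build_sample_client_hello() -> bytes:
    """Constructed test input: a TLS 1.2 ClientHello with GREASE in every list."""
    ciphers = b"".join(u16(c) for c in (0x0A0A, 0x1301, 0x1302, 0xC02B, 0xC02F))
    groups = b"".join(u16(g) for g in (0x0A0A, 0x001D, 0x0017, 0x0018))
    exts = (u16(0x0A0A) + u16(0)                                     # GREASE extension
            + u16(0) + u16(0)                                        # server_name (empty)
            + u16(10) + u16(len(groups) + 2) + u16(len(groups)) + groups
            + u16(11) + u16(2) + b"\x01\x00"                         # ec_point_formats
            + u16(13) + u16(0)                                       # signature_algorithms
            + u16(43) + u16(0))                                      # supported_versions
    hello = (u16(0x0303) + bytes(32) + b"\x00" + u16(len(ciphers)) + ciphers
             + b"\x01\x00" + u16(len(exts)) + exts)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + u16(len(handshake)) + handshake


if __name__ == "__main__":
    fields = parse_client_hello(build_sample_client_hello())
    print(ja3_string(fields))   # 771,4865-4866-49195-49199,0-10-11-13-43,29-23-24,0
    print(ja3_hash(fields))
```

The text form is what you compare against published JA3 lists when a hash collides or when you want to see which field differs; the MD5 is only the shareable short form. Note that JA3 hashes the extension list in the order the client sent it, so clients that shuffle extensions (recent Chrome) will not match a fixed JA3 even with GREASE removed.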
Rich Text Format
decalage2/oletools - oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
Kudaes/Bin-Finder - Detect EDR's exceptions by inspecting processes' loaded modules
Yamato-Security/hayabusa - Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
0x192/universal-android-debloater - Cross-platform GUI written in Rust using ADB to debloat non-rooted android devices. Improve your privacy, the security and battery life of your device.
mufeedvh/pdfrip - A multi-threaded PDF password cracking utility equipped with commonly encountered password format builders and dictionary attacks.
TheHive-Project/TheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Shell
edoardottt/awesome-hacker-search-engines - A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
arget13/DDexec - A technique to run binaries filelessly and stealthily on Linux by "overwriting" the shell's process with another.
MichaelCade/90DaysOfDevOps - I am using this repository to document my journey learning about DevOps. I began this process on January 1, 2022, and plan to continue until March 31. I will be dedicating one hour each day, including
IvanGlinkin/AutoSUID - AutoSUID application is the Open-Source project, the main idea of which is to automate harvesting the SUID executable files and to find a way for further escalating the privileges.
IvanGlinkin/shellDAVpass - shellDAVpass application is the Open-Source project, the main idea of which is to bypass the defender and AntiVirus detections to conduct a non interactive reverse shell to execute the Windows command
tclahr/uac - UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, O
CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
sametsazak/mergen - Mergen is an open-source, native macOS application for auditing and checking the security of your MacOS.
redcanaryco/mac-monitor - Red Canary Mac Monitor is an advanced, stand-alone system monitoring tool tailor-made for macOS security research. Beginning with Endpoint Security (ES), it collects and enriches system events, displa
TypeScript
mttaggart/wtfbins - WTF are these binaries doing?! A list of benign applications that mimic malicious behavior.
cisagov/RedEye - RedEye is a visual analytic tool supporting Red & Blue Team operations
fingerprintjs/fingerprintjs - Browser fingerprinting library. Compared to Fingerprint Pro has limited accuracy (40 - 60%), but is fully open source.
VBA
S3cur3Th1sSh1t/OffensiveVBA - This repo covers some code execution and AV Evasion methods for Macros in Office documents
XSLT
LOLBAS-Project/LOLBAS - Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)