- Portugal
- https://twitter.com/hxnoyd
- @hxnoyd
Stars
Sensor Mappings to ATT&CK is a collection of resources to assist cyber defenders with understanding which sensors and events can help detect real-world adversary behaviors in their environments.
Collection of Windows Privilege Escalation (Analyse/PoC/Exploit)
A method of bypassing EDR's active protection DLLs by preventing entry point execution
Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proactively identify, engage and prevent cyber threats denying or…
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtC…
Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifyin…
Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques
Malware development for red teaming workshop
ATTiRe logging for Invoke-AtomicRedTeam
Attack Tool Timing and Reporting - Structured Attack Logging Format
The GitHub project for The Defender's Guide by Luke Paine and Jonathan Johnson
Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
Project for tracking publicly disclosed DLL Hijacking opportunities.
PoCs and tools for investigation of Windows process execution techniques
⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
Threat Hunting queries for various attacks
An analytical framework for network traffic and behavioral analytics
Offensive tooling notes and experiments in AutoIt v3 (https://www.autoitscript.com/site/autoit/)
This PowerShell script will generate a malicious Microsoft Office document with a specified payload and persistence method.
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shell