Stars
Supply-chain Levels for Software Artifacts
Incident Response collection and processing scripts with automated reporting scripts
Nebula is a cloud C2 Framework, which at the moment offers reconnaissance, enumeration, exploitation, post exploitation on AWS, but still working to allow testing other Cloud Providers and DevOps C…
This repo contains some AMSI bypass methods I found on different blog posts.
Study Notes for the AWS Certified Solutions Architect Professional Exam
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
AADInternals PowerShell module for administering Azure AD and Office 365
Transparently tunnel your IP traffic through ICMP echo and reply packets.
GodOfWar - Malicious Java WAR builder with built-in payloads
ScareCrow - Payload creation framework designed around EDR bypass.
A VBA implementation of the RunPE technique or how to bypass application whitelisting.
Public Repo for Atomic Test Harness
A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.
Free, Open Source, User-Mode SMB 1.0/CIFS, SMB 2.0, SMB 2.1 and SMB 3.0 server and client library
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Investigate malicious Windows logon by visualizing and analyzing Windows event log
AV/EDR evasion via direct system calls.
Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment.
Custom Query list for the Bloodhound GUI based off my cheatsheet