Lists (32)
Adversary Simulation
  Adversary simulations
AI-LLM
  Prompt engineering etc.
Attack Simulation and Automation
  Attack simulation, detection engineering, purple teaming, etc.
Blue Team Tools
Data Science
Data Visualization
  Interactive dashboarding etc.
DFIR
DFIR and Hunting Tools
  Useful tools for threat hunting and DFIR
DFIR: Cloud
Graph
Identity and Cloud
  Entra ID and Azure related attack and defense
Jupyter and Python
Knowledge Repos
  LOLBins, query repos, etc.
Lab Environment and Automation
Malware Analysis and YARA
Microsoft Sentinel and Defender
Red Team: Collection
Red Team: Command and Control
  RAT tools etc.
Red Team: Credential Access
Red Team: Defense Evasion
Red Team: Discovery
  BloodHound, KubeHound, and other stuff
Red Team: Execution
Red Team: Exfiltration
Red Team: Initial Access
  Phishing, etc.
Red Team: Lateral Movement
Red Team: Persistence
Red Team: Privilege Escalation
Red Team: Reconnaissance
Red Team: Resource Development
Red Team Tools
  Red team tools
Security Data Science
Training
Stars
Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for m…
Automated DLL Sideloading Tool With EDR Evasion Capabilities
BadZure automates the deployment of intentionally misconfigured Entra ID tenants and Azure subscriptions, populating them with diverse entities and configurable, traversable attack paths.
AWS CloudSaga - Simulate security events in AWS
SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also contains its own custom disassembler, with many innovative featur…
Extract and execute a PE embedded within a PNG file using an LNK file.
Built-in Panther detection rules and policies
Python library with CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory
DFIR LABS - A compilation of challenges that aims to provide practice in simple to advanced concepts in the following topics: Digital Forensics, Incident Response, Malware Analysis and Threat Hunting.
A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Securit…
EDRaser is a powerful tool for remotely deleting access logs, Windows event logs, databases, and other files on remote machines. It offers two modes of operation: automated and manual.
The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).
Assess the security of your Active Directory with few or all privileges.
Generate an obfuscated DLL that will disable AMSI & ETW
Lateral Movement Using DCOM and DLL Hijacking
Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
A collection of red teaming and adversary emulation related tools, scripts, techniques, notes, etc
M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response capabilities.
Perfect DLL Proxying using forwards with absolute paths.
xforcered / RemoteMonologue (forked from 3lp4tr0n/RemoteMonologue): Weaponizing DCOM for NTLM Authentication Coercions
Execute commands interactively on remote Windows machines using the WinRM protocol
Group Policy Objects manipulation and exploitation framework