Lists (32)
Adversary Simulation
Adversary simulationsAI-LLM
Promp engineering etc.Attack Simulation and Automation
Attack simulation, detection engineering, purple teaming. etc.Blue Team Tools
Data Science
Data Visualization
Interactive dashboarding etc.DFIR
DFIR and Hunting Tools
Useful tools for threat hunting and DFIRDFIR: Cloud
Graph
Identity and Cloud
Entra ID, Azure related ttack and defenseJupyter and Python
Knowledge Repos
LOLBins, query repos, etc.Lab Environment and Automation
Malware Analysis and YARA
Microsoft Sentinel and Defender
Red Team: Collection
Red Team: Command and Control
RAT tools etc.Red Team: Credential Access
Red Team: Defense Evasion
Red Team: Discovery
Bloodhound, Kubehound, and other stuffRed Team: Execution
Red Team: Exfiltration
Red Team: Initial Access
Phishing, etc.Red Team: Lateral Movement
Red Team: Persistence
Red Team: Privilege Escalation
Red Team: Reconnaissance
Red Team: Resource Development
Red Team Tools
Red team toolsSecurity Data Science
Training
Stars
A wrapper executable that can run any executable as a Windows service, in a permissive license.
C# as you know it but with Go-inspired tooling (small, selfcontained, and native executables)
KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts
RunasCs - Csharp and open version of windows builtin runas.exe
SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.
This program is designed to demonstrate various process injection techniques
Writing custom backdoor payloads with C# - Defcon 27 Workshop
A method of bypassing EDR's active projection DLL's by preventing entry point exection
PowerShell rebuilt in C# for Red Teaming purposes
PoCs and tools for investigation of Windows process execution techniques
Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.
OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.
Dump Azure AD Connect credentials for Azure AD and Active Directory
Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
GHOSTS is a realistic user simulation framework for cyber experimentation, simulation, training, and exercise
Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).
Windows protocol library, including SMB and RPC implementations, among others.
DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the default settings).
Detect and respond to Cobalt Strike beacons using ETW.
A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.
BadAssMacros - C# based automated Malicous Macro Generator.
Bypass for PowerShell Constrained Language Mode
Escalate Service Account To LocalSystem via Kerberos
.NET post-exploitation toolkit for Active Directory reconnaissance and exploitation
Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC