Lists (32)
- Adversary Simulation: Adversary simulations
- AI-LLM: Prompt engineering, etc.
- Attack Simulation and Automation: Attack simulation, detection engineering, purple teaming, etc.
- Blue Team Tools
- Data Science
- Data Visualization: Interactive dashboarding, etc.
- DFIR
- DFIR and Hunting Tools: Useful tools for threat hunting and DFIR
- DFIR: Cloud
- Graph
- Identity and Cloud: Entra ID and Azure related attack and defense
- Jupyter and Python
- Knowledge Repos: LOLBins, query repos, etc.
- Lab Environment and Automation
- Malware Analysis and YARA
- Microsoft Sentinel and Defender
- Red Team: Collection
- Red Team: Command and Control: RAT tools, etc.
- Red Team: Credential Access
- Red Team: Defense Evasion
- Red Team: Discovery: Bloodhound, Kubehound, and other stuff
- Red Team: Execution
- Red Team: Exfiltration
- Red Team: Initial Access: Phishing, etc.
- Red Team: Lateral Movement
- Red Team: Persistence
- Red Team: Privilege Escalation
- Red Team: Reconnaissance
- Red Team: Resource Development
- Red Team Tools: Red team tools
- Security Data Science
- Training
Stars
GPT4All: Run Local LLMs on Any Device. Open-source and available for commercial use.
Unsupervised text tokenizer for Neural Network-based text generation.
High-speed Large Language Model Serving for Local Deployment
An even funnier way to disable windows defender. (through WSC api)
Alternative Shellcode Execution Via Callbacks
Hide your Powershell script in plain sight. Bypass all Powershell security features
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
kill anti-malware protected processes ( BYOVD ) ( Microsoft Won )
Adaptive DLL hijacking / dynamic export forwarding
Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase.
Anomaly Detection on Dynamic (time-evolving) Graphs in Real-time and Streaming manner. Detecting intrusions (DoS and DDoS attacks), frauds, fake rating anomalies.
This repository is a compilation of all APT simulations that target many vital sectors,both private and governmental. The simulation includes written tools, C2 servers, backdoors, exploitation tech…
EDR-Freeze is a tool that puts a process of EDR, AntiMalware into a coma state.
Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE.
laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques.
Standalone HVNC Client & Server | Written in C++ (Modified Tinynuke)
Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys
A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.
Bypassing UAC with SSPI Datagram Contexts
Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks by Russian APT groups, Bear features a variety of encryption methods, including AES, XOR, DES, TLS, RC4, RSA …
This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at the forefront of the field. It serves as a central repository…
Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.