Lists (32)
- Adversary Simulation (Adversary simulations)
- AI-LLM (Prompt engineering etc.)
- Attack Simulation and Automation (Attack simulation, detection engineering, purple teaming, etc.)
- Blue Team Tools
- Data Science
- Data Visualization (Interactive dashboarding etc.)
- DFIR
- DFIR and Hunting Tools (Useful tools for threat hunting and DFIR)
- DFIR: Cloud
- Graph
- Identity and Cloud (Entra ID, Azure related attack and defense)
- Jupyter and Python
- Knowledge Repos (LOLBins, query repos, etc.)
- Lab Environment and Automation
- Malware Analysis and YARA
- Microsoft Sentinel and Defender
- Red Team: Collection
- Red Team: Command and Control (RAT tools etc.)
- Red Team: Credential Access
- Red Team: Defense Evasion
- Red Team: Discovery (Bloodhound, Kubehound, and other stuff)
- Red Team: Execution
- Red Team: Exfiltration
- Red Team: Initial Access (Phishing, etc.)
- Red Team: Lateral Movement
- Red Team: Persistence
- Red Team: Privilege Escalation
- Red Team: Reconnaissance
- Red Team: Resource Development
- Red Team Tools (Red team tools)
- Security Data Science
- Training
Stars
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
Automating situational awareness for cloud penetration tests.
☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud
Attack Graph Visualizer and Explorer (Active Directory) ...Who's *really* Domain Admin?
Shikata ga nai (仕方がない) encoder ported into go with several improvements
Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
Real fucking shellcode encryptor & obfuscator tool
Weaponize DLL hijacking easily. Backdoor any function in any DLL.
Lightweight binary that joins a device to a Tailscale network and exposes a local SOCKS5 proxy. Designed for red team operations and ephemeral access into restricted environments using Tailscale’s …
The TTPForge is a Cybersecurity Framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs).
Substation is a toolkit for routing, normalizing, and enriching security event and audit logs.
Abuse trust-boundaries to bypass firewalls and network controls
Tylous / ScareCrow
Forked from optiv/ScareCrow
ScareCrow - Payload creation framework designed around EDR bypass.
A tool designed for smuggling interactive command and control traffic through legitimate TURN servers hosted by reputable providers such as Zoom.
Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and penetration tests with the tokens generated working out of t…
AWS Attack Path Management Tool - Walking on the Moon
Boomerang is a tool to expose multiple internal servers to web/cloud. Agent & Server are pretty stable and can be used in Red Team for Multiple levels of Pivoting and exposing multiple internal ser…
Whois for the Cloud: Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean.
(MeetC2 a.k.a Meeting C2) - A framework abusing Google Calendar APIs.
A lightweight redirector for Google Cloud Run, enabling domain fronting via Google-owned infrastructure.
A fucking real shellcode loader with a GUI. Work-in-Progress.