Lists (32)
Adversary Simulation
Adversary simulationsAI-LLM
Promp engineering etc.Attack Simulation and Automation
Attack simulation, detection engineering, purple teaming. etc.Blue Team Tools
Data Science
Data Visualization
Interactive dashboarding etc.DFIR
DFIR and Hunting Tools
Useful tools for threat hunting and DFIRDFIR: Cloud
Graph
Identity and Cloud
Entra ID, Azure related ttack and defenseJupyter and Python
Knowledge Repos
LOLBins, query repos, etc.Lab Environment and Automation
Malware Analysis and YARA
Microsoft Sentinel and Defender
Red Team: Collection
Red Team: Command and Control
RAT tools etc.Red Team: Credential Access
Red Team: Defense Evasion
Red Team: Discovery
Bloodhound, Kubehound, and other stuffRed Team: Execution
Red Team: Exfiltration
Red Team: Initial Access
Phishing, etc.Red Team: Lateral Movement
Red Team: Persistence
Red Team: Privilege Escalation
Red Team: Reconnaissance
Red Team: Resource Development
Red Team Tools
Red team toolsSecurity Data Science
Training
Stars
BC-SECURITY / Empire
Forked from EmpireProject/EmpireEmpire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
Automation for internal Windows Penetrationtest / AD-Security
Privilege Escalation Enumeration Script for Windows
This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.
A collection of scripts for assessing Microsoft Azure security
Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to…
Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made w…
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAR…
Azure Security Resources and Notes
A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.
SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be r…
A Post-exploitation Toolset for Interacting with the Microsoft Graph API
Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews.
Dominate Active Directory with PowerShell.
My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.
Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts watermarking, IOCs collection & PE Backdooring. You feed it wi…
PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains.
Powershell Based tool for gathering information related to O365 intrusions and potential Breaches
A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
Understand adversary tradecraft and improve detection strategies
Egress-Assess is a tool used to test egress data detection capabilities
This repo is about Active Directory Advanced Threat Hunting