Lists (32)
Adversary Simulation - Adversary simulations
AI-LLM - Prompt engineering etc.
Attack Simulation and Automation - Attack simulation, detection engineering, purple teaming, etc.
Blue Team Tools
Data Science
Data Visualization - Interactive dashboarding etc.
DFIR
DFIR and Hunting Tools - Useful tools for threat hunting and DFIR
DFIR: Cloud
Graph
Identity and Cloud - Entra ID, Azure related attack and defense
Jupyter and Python
Knowledge Repos - LOLBins, query repos, etc.
Lab Environment and Automation
Malware Analysis and YARA
Microsoft Sentinel and Defender
Red Team: Collection
Red Team: Command and Control - RAT tools etc.
Red Team: Credential Access
Red Team: Defense Evasion
Red Team: Discovery - BloodHound, KubeHound, and other stuff
Red Team: Execution
Red Team: Exfiltration
Red Team: Initial Access - Phishing, etc.
Red Team: Lateral Movement
Red Team: Persistence
Red Team: Privilege Escalation
Red Team: Reconnaissance
Red Team: Resource Development
Red Team Tools - Red team tools
Security Data Science
Training
Stars
Conquest is a feature-rich and malleable command & control/post-exploitation framework developed in Nim.
SilentButDeadly is a network communication blocker specifically designed to neutralize EDR/AV software by preventing their cloud connectivity using Windows Filtering Platform (WFP). This version fo…
A C# tool for requesting certificates from ADCS using DCOM over SMB. This tool allows you to remotely request X.509 certificates from a CA server using the MS-WCCE protocol over DCOM and it bypasses …
Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames
Scripts for rapid Windows endpoint "tactical triage" and investigations with Velociraptor and KAPE
A tool to play with scheduled tasks on Windows, in Rust
Unauthenticated start EFS service on remote Windows host (make PetitPotam great again)
Redirect any Windows TCP and UDP traffic to HTTP/Socks5 proxy
Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.
Step-by-step documentation on how to decrypt SCCM database secrets offline
A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.
Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover
Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑…
dmcxblue / Windows-Local-Privilege-Escalation-Cookbook
Forked from nickvourd/Windows-Local-Privilege-Escalation-Cookbook
Windows Local Privilege Escalation Cookbook
Dynamic shellcode loader with sophisticated evasion capabilities
Secrets Find0r is a multithreaded SMB share crawler that hunts for exposed credentials and secrets across Windows networks. It enumerates shares, recursively scans files with regex/keyword rules, h…
Lateral Movement BOF with MSI ODBC Driver Install
IP Rotation from different providers - Like FireProx but for GCP, Azure, Alibaba and CloudFlare
Azure Activity Log Axe is a continually developing tool that simplifies the transactional log format provided by Microsoft. The tool leverages the "Axe Key," a method created by Nathan Eades of the…
Simple & Powerful PowerShell Script Obfuscator
Windows protocol library, including SMB and RPC implementations, among others.
Use Cloudflare to create HTTP pass-through proxies for unique IP rotation, similar to fireprox
AWSDoor is a red team automation tool designed to simulate advanced attacker behavior in AWS environments
KrbRelayUp - a universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default settings).