Stars
A Python module for working with ATT&CK
VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
PowerShell tools to help defenders hunt smarter, hunt harder.
The Microsoft Sentinel Triage AssistanT (STAT) enables easy-to-create incident triage automation in Microsoft Sentinel
HookChain: A new perspective for Bypassing EDR Solutions
Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination IP addresses are parsed based on the server name in TLS Cli…
Example code samples from our ScriptBlock Smuggling Blog post
C# AV/EDR Killer using less-known driver (BYOVD)
Python tool to check rootkits in Windows kernel
Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.
Burp Plugin to Bypass WAFs through the insertion of Junk Data
Web Extension for saving a faithful copy of a complete web page in a single HTML file
Sample queries and data as part of the Microsoft Press book, The Definitive Guide to KQL
An analytical challenge created to test junior analysts looking to try performing proactive and reactive cyber threat intelligence.
The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory Canary objects.
Fragtunnel is a proof-of-concept (PoC) TCP tunnel tool that you can use to tunnel your application's traffic and bypass next-generation firewalls en route to the target.
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Clearcut is a tool that uses machine learning to help you focus on the log entries that really need manual review
Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
Distribute and run LLMs with a single file.
🔍 gowitness - a golang, web screenshot utility using Chrome Headless
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
DeepFaceLab is the leading software for creating deepfakes.
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
SharpSploit is a .NET post-exploitation library written in C#