Starred repositories
Script to remove Windows 10 bloatware.
Scripts to build a trimmed-down Windows 11 image.
Six Degrees of Domain Admin
A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
Empire is a PowerShell and Python post-exploitation agent.
Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com
BC-SECURITY / Empire
Forked from EmpireProject/Empire
Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
A repository of sysmon configuration modules
HardeningKitty and Windows Hardening Settings
Automation to assess the state of your M365 tenant against CISA's baselines
netshell features all in version 2 powershell
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world.…
HardeningKitty - Checks and hardens your Windows configuration
A tool for checking if MFA is enabled on multiple Microsoft Services
A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.
Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as wel…
Azure Local (formerly Azure Stack HCI), Windows 10 and Windows Server rapid lab deployment scripts
A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, i…
Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team p…
PowerShell toolkit for AD CS auditing based on the PSPKI toolkit.
Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events…
Socks proxy, and reverse socks server using powershell.
Provision a brand-new company with proper defaults in Windows, Office 365, and Azure
A repository of tools for pentesting of restricted and isolated environments.
Microsoft Sentinel2Go is an open source project developed to expedite the deployment of a Microsoft Sentinel research lab.
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
A collection of red team and adversary emulation resources developed and released by MITRE.