Lists (32)
Adversary Simulation
  Adversary simulations
AI-LLM
  Prompt engineering etc.
Attack Simulation and Automation
  Attack simulation, detection engineering, purple teaming, etc.
Blue Team Tools
Data Science
Data Visualization
  Interactive dashboarding etc.
DFIR
DFIR and Hunting Tools
  Useful tools for threat hunting and DFIR
DFIR: Cloud
Graph
Identity and Cloud
  Entra ID, Azure related attack and defense
Jupyter and Python
Knowledge Repos
  LOLBins, query repos, etc.
Lab Environment and Automation
Malware Analysis and YARA
Microsoft Sentinel and Defender
Red Team: Collection
Red Team: Command and Control
  RAT tools etc.
Red Team: Credential Access
Red Team: Defense Evasion
Red Team: Discovery
  Bloodhound, Kubehound, and other stuff
Red Team: Execution
Red Team: Exfiltration
Red Team: Initial Access
  Phishing, etc.
Red Team: Lateral Movement
Red Team: Persistence
Red Team: Privilege Escalation
Red Team: Reconnaissance
Red Team: Resource Development
Red Team Tools
  Red team tools
Security Data Science
Training
Stars
This operational dashboard correlates data from Microsoft Defender for Endpoint/Server (MDE) and Azure Monitor Agent (AMA) to identify configuration gaps and ensure complete endpoint telemetry inge…
Live ETW-TI event viewer for Windows kernel threat-intelligence telemetry. Research tool for exploring the same signals commercial EDRs rely on.
Creating attacks paths across management and data planes
Cobalt Strike BOF used to perform privilege escalation by exploiting the SeImpersonate privilege. Based on the original GodPotato PoC by BeichenDream.
Machine Learning Pipelines introduced for cyber threat hunting purposes.
Cyb3r-Monk / Lucky-Spark
Forked from Schich/Lucky-Spark
A stealthy loader for shellcode staged with http/https like Sliver
A Beacon Object File suite for Microsoft SQL Server that speaks TDS 7.4 on the wire itself
yenick514 / KslKatz
Forked from vergamota/KslKatz
Combining KslDump and GhostKatz to dump LSASS using no-fix KslD.sys memory read to bypass PPL. Extracts MSV1_0 NT hashes and WDigest cleartext passwords (if enabled) from LSASS using a Microsoft-si…
NTLM HTTP relay tool with SOCKS proxy for browser session hijacking
An open-source log viewer inspired by Microsoft's CMTrace.exe.
BOF to impersonate TrustedInstaller via DISM API trigger and thread impersonation
psexecsvc - a Python implementation of PSExec's native service implementation
Grab NetNTLMv2 hashes using ETW with administrative rights on Windows 8.1 / Windows Server 2016 and later
An automation framework for deploying Microsoft Sentinel environments using pipelines. This project combines infrastructure-as-code (Bicep) with PowerShell automation to streamline the deployment o…
Extract Windows credentials directly from VM memory snapshots and virtual disks
Patch termsrv.dll so that multiple remote users can open an RDP session on a non-Windows Server computer
ASPX Web Shell with COFF Loader
Two WinForms GUI tools for enumerating, searching, and exfiltrating data from M365 environments using application-level OAuth tokens
Orchestrate fleets of Claude Code & Claude Computer Use agents across containers, VMs, and physical devices. Live desktop streaming, intelligent task delegation, and multi-channel human-in-the-loop…
This repo focuses on detection engineering for Kubernetes clusters. Sysdig Falco is used to create rules.
High-performance secrets scanner. CLI, Go library, Burp Suite extension, and Chrome extension. 487 detection rules with live credential validation.