EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loading

Suspicious is a powerful web application designed to help users submit and analyze emails, files, IP addresses, and URLs

KeePass Master Password Stealer using Hooking

Red Team AI prompts

A tool to transform Chromium browsers into a C2 Implant

Content and collateral for the Microsoft Sentinel SOC 101 series

Repository for SOC analysts, queries to investigate, advanced hunting, sites for analysis, malware samples, courses to improve skills, IOC and monitoring.

My POC implementation of HVNC (Hidden VNC / Hidden Desktop)

A simple tool to find dangling CNAMEs

BloodHound-MCP-AI is integration that connects BloodHound with AI through Model Context Protocol, allowing security professionals to analyze Active Directory attack paths using natural language ins…

An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

Elastic Security detection content for Endpoint

Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on multiple such images

A simple program to automate Microsoft OAuth device code phishing attacks.

Conditional Access Reporting

一个攻防知识库。A knowledge base for red teaming and offensive security.

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

A Post-exploitation Toolset for Interacting with the Microsoft Graph API

PowerShell framework to assess Azure security

Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel

Azure JWT Token Manipulation Toolset

Trying to tame the three-headed dog.

This repository is a compilation of all APT simulations that target many vital sectors,both private and governmental. The simulation includes written tools, C2 servers, backdoors, exploitation tech…

Swiss army knife Webserver in Golang. Keep simple like the python SimpleHTTPServer but with many features

Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀

A simple, high-throughput file client for mounting an Amazon S3 bucket as a local file system.