Lists (32)
APT
Used by all APTs
browser extension
C2-related, e.g. SRDI, BOF
cloud
CTI
CTI tools
DFIR
DLL hijack
lsass
maldev academy
packer
phishing
purple team
reverse/debug
ROP
SOC
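Some documents
Memory encryption
Internal network scanning
Various texts
Stack spoofing
Threat intelligence
Threat emulation material
Useful for learning
Persistence
Detection
Templates
Obfuscation
Workshops
Process injection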
Stars
☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud
An AWS IAM Privilege Escalation Path Library
Moonwalk++: Simple POC Combining StackMoonwalking and Memory Encryption
Simulates the Cobalt Strike beacon check-in (connection) packet.
JA4+ is a suite of network fingerprinting standards
An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and security implications
Using call gadgets to break the call stack signature used by Elastic on proxying a module load. Provided as a Crystal Palace shared library. Format inspired by @rasta-mouse's LibTP.
Welcome to the Cloud Security Toolkit repository, your all-in-one destination for cutting-edge cloud security resources! Whether you're diving into offensive strategies, mastering threat hunting, o…
Helping defenders learn and validate npm supply-chain detections with safe atomic tests.
Tool to enumerate privileged Scheduled Tasks on Remote Systems
Synapse Rapid Power-Up for Validin
Usermode exploit to bypass any AC using a 0day shatter attack.
Repository for the DEATHCon 2025 Workshop "Operationalizing Purple Teaming in the Enterprise".
A rust proof of concept to demonstrate registry overwriting via RegRestoreKey using the Offline Registry Library
A tool designed for smuggling interactive command and control traffic through legitimate TURN servers hosted by reputable providers such as Zoom.
SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also contains its own custom disassembler, with many innovative featur…
Things I do because I saw it on Twitter on a weekend
Live Feed of C2 servers, tools, and botnets