Lists (16)
ATLAS Adversarial ML
AI/ML Security: MITRE ATLAS (atlas.mitre.org) + OWASP LLM Top 10 + Google SAIF. Covers prompt injection, model tampering, data poisoning, agent security, privac28 repositories
TA0001 Initial Access
Initial Access (TA0001): Gaining initial foothold in target networks. Includes phishing, exploiting public-facing apps, supply chain compromise, valid accounts. https://attack.mitre.org/tactics/TA000160 repositories
TA0002 Execution
Execution (TA0002): Running malicious code on target systems. Includes command interpreters, scripting, native APIs, exploitation for client execution. https://attack.mitre.org/tactics/TA0002319 repositories
TA0003 Persistence
Persistence (TA0003): Maintaining access across restarts and credential changes. Includes registry run keys, scheduled tasks, bootkit, implants, account manipulation. https://attack.mitre.org/tactics/TA000334 repositories
TA0004 Privilege Escalation
Privilege Escalation (TA0004): Gaining higher-level permissions. Includes exploitation, access token manipulation, UAC bypass, AD escalation, sudo/setuid abuse. https://attack.mitre.org/tactics/TA000492 repositories
TA0005 Defense Evasion
Defense Evasion (TA0005): Avoiding detection. Includes obfuscation, disabling security tools, process injection, masquerading, AMSI/ETW bypass, rootkits. https://attack.mitre.org/tactics/TA0005325 repositories
TA0006 Credential Access
Credential Access (TA0006): Stealing credentials. Includes password dumping, Kerberoasting, credential harvesting, brute force, keylogging, LSASS access. https://attack.mitre.org/tactics/TA0006135 repositories
TA0007 Discovery
Discovery (TA0007): Understanding target environment. Includes network enumeration, AD recon, system info gathering, account discovery, BloodHound. https://attack.mitre.org/tactics/TA0007152 repositories
TA0008 Lateral Movement
Lateral Movement (TA0008): Moving through the network. Includes pass-the-hash, RDP, SMB/WMI exec, SSH tunneling, pivoting, proxychains. https://attack.mitre.org/tactics/TA000877 repositories
TA0009 Collection
Collection (TA0009): Gathering target data. Includes screen capture, keylogging, email harvesting, clipboard data, memory dumping, secret scanning. https://attack.mitre.org/tactics/TA000921 repositories
TA0010 Exfiltration
Exfiltration (TA0010): Stealing data from target. Includes covert channels, DNS tunneling, steganography, encrypted transfers, cloud storage abuse. https://attack.mitre.org/tactics/TA001010 repositories
TA0011 Command and Control (C2)
Command and Control (TA0011): Communicating with compromised systems. Includes C2 frameworks (Cobalt Strike, Sliver), domain fronting, protocol tunneling. https://attack.mitre.org/tactics/TA0011247 repositories
TA0040 Impact
Impact (TA0040): Disrupting availability or integrity. Includes ransomware, data destruction, defacement, resource hijacking, service disruption. https://attack.mitre.org/tactics/TA00406 repositories
TA0042 Resource Development
Resource Development (TA0042): Building attack infrastructure. Includes payload development, infrastructure setup, capability acquisition, tool compilation. https://attack.mitre.org/tactics/TA0042387 repositories
TA0043 Reconnaissance
Reconnaissance (TA0043): Gathering target information. Includes OSINT, subdomain enumeration, network scanning, social engineering research. https://attack.mitre.org/tactics/TA0043168 repositories
Threat Hunting
Threat Hunting related repositories123 repositories
Starred repositories
45
stars
written in Ruby
Clear filter
A curated list of awesome awesomeness
🍻 A CLI workflow for the administration of macOS applications distributed as binaries
🍻 Default formulae for the missing package manager for macOS (or Linux)
The ultimate WinRM shell for hacking/pentesting
⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Main Website for The Odin Project
📙 Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report
Ruby gems for general-purpose AI agent systems: automation, research, data processing, customer support, content creation. SwarmSDK provides single-process orchestration, persistent memory with sem…
Vagrant VirtualBox environment for conducting an internal network penetration test
Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs
Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.
Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)
This repository has been combined with mac-tracker project and no longer receives updates.
RSMangler will take a wordlist and perform various manipulations on it similar to those done by John the Ripper with a few extras.
Section9Labs / Cartero
Forked from mrbrutti/CarteroCartero - Social Engineering Framework
A simple tool for offline searching of default credentials for network devices, web applications and more.
A simple email generator that uses dorks on Bing to generate emails from LinkedIn Profiles.
Documentation and Tools for Cisco's PSIRT openVuln API
🔑 A CLI tool to identify the hash type of a given hash.
Learn Ruby Regexp step-by-step from beginner to advanced levels with plenty of examples and exercises.
🚩 A CLI tool & library to enhance and speed up script/exploit writing with string conversion/manipulation.