Stars
Hunts out CobaltStrike beacons and logs operator command output
Customizable Linux Persistence Tool for Security Research and Detection Engineering.
Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events…
Detect Tactics, Techniques & Combat Threats
A collection of pentest and development tips
A Linux Host-based Intrusion Detection System based on eBPF.
KCon is a famous Hacker Con powered by Knownsec Team.
A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
This cheatsheet is aimed at CTF players and beginners to help them understand the fundamentals of privilege escalation, with examples.
Scaffolding for BPF application development with libbpf and BPF CO-RE
Local penetration testing lab using docker-compose.
Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.
Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC
A Microservices-based framework for the study of Network Security and Penetration Test techniques
A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
A post-exploitation AV-evasion tool that helps every script kiddie like me achieve evasion quickly; supports bypassing AV/EDR such as 360, Huorong (火绒) and Windows Defender. Shellcode loader.
Elastic Security detection content for Endpoint
A customizable Java in-memory webshell generation tool.