Github recommendations

Twitter: @xknow_infosec
Github/Knowledge: Microsoft Defender 365 Advanced hunting full schema reference (Streaming API overview)
Github/Knowledge: Splunk Add-on for Microsoft Cloud Services improved field aliases for Azure event hub containing Microsoft 365 Defender events
Splunk/App: Microsoft Cloud Services Event Hub True Fashion Add-on for Splunk
Microsoft/Detection: Detects malicious SMB Named Pipes (used by common C2 frameworks)
SIGMA/Detection: Cmd.exe CommandLine Path Traversal
SIGMA/Detection: Suspicious LDAP-Attributes Used
SIGMA/Detection: Suspicious PROCEXP152.sys File Created In TMP
SIGMA/Detection: Suspicious ADSI-Cache Usage By Unknown Tool
SIGMA/Detection: Suspicious Service Installed
SIGMA/Detection: Suspicious Driver Loaded By User
Blog: Detecting LDAPFragger — A newly released Cobalt Strike Beacon using LDAP for C2 communication (blueteamers approach)
Blog: Windows Event ID 4649 “A replay attack was detected“ — Oh really? Are we under ATTACK? Should we do Incident Response?

Github recommendations

Assembly

cryptwareapps/Malware-Database - A large repository of malware samples with 2500+ malware samples & source codes for a variety of platforms by Cryptware Apps.
vxunderground/MalwareSourceCode - Collection of malware source code for a variety of platforms in an array of different programming languages.
Sh0ckFR/InlineWhispers2 - Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
jthuraisamy/SysWhispers2 - AV/EDR evasion via direct system calls.

AutoIt

Bioruebe/UniExtract2 - Universal Extractor 2 is a tool to extract files from any type of archive or installer.

Batchfile

Yamato-Security/EnableWindowsLogSettings - Documentation and scripts to properly enable Windows event logs.
NextronSystems/APTSimulator - A toolset to make a system look as if it was the victim of an APT attack
op7ic/EDR-Testing-Script - Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads
N7WEra/SharpAllTheThings - The idea is to collect all the C# projects that are Sharp{Word} that can be used in Cobalt Strike as execute assembly command.
abbodi1406/KMS_VL_ALL_AIO - Smart Activation Script

Boo

byt3bl33d3r/SILENTTRINITY - An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

C

notsoshant/DCSyncer - Perform DCSync operation without mimikatz
deepinstinct/Dirty-Vanity - A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass-28
xforcered/Windows_LPE_AFD_CVE-2023-21768 - LPE exploit for CVE-2023-21768
Wack0/CVE-2022-21894 - baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability
iovisor/bcc - BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
akamai/akamai-security-research - This repository includes code and IoCs that are the product of research done in Akamai's various security research teams.
cilium/tetragon - eBPF-based Security Observability and Runtime Enforcement
Wh04m1001/SysmonEoP -
CodeXTF2/WindowSpy - WindowSpy is a Cobalt Strike Beacon Object File meant for targeted user surveillance.
memtest86plus/memtest86plus - Official repo for Memtest86+ v6 (based on pcmemtest)
Ascotbe/Kernelhub - 🌴Linux、macOS、Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file (提权漏洞合集)
Idov31/Cronos - PoC for a new sleep obfuscation technique leveraging waitable timers to evade memory scanners.
codewhitesec/SysmonEnte -
aaaddress1/knownDlls_Poison -
SolomonSklash/SleepyCrypt - A shellcode function to encrypt a running process image when sleeping.
thefLink/RecycledGate - Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll
MaorSabag/SideLoadingDLL -
seahop/NtDllPipeRead - Opens 2 named pipes and uses cmd.exe to read in the contents of ntdll.dll between pipes. Tweaked the code from x86matthew's site https://www.x86matthew.com and fixed up a little to work in C.
seahop/patchETW - Function to patch ETW with syscalls
Cracked5pider/CoffeeLdr - Beacon Object File Loader
Cracked5pider/ShellcodeTemplate - An easily modifiable shellcode template for Windows x64/x86
fortra/CreateProcess - A small PoC that creates processes in Windows
zimnyaa/noWatch - Implant drop-in for EDR testing
tanakh/cmdline - A Command Line Parser
microsoft/Windows-driver-samples - This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples.
BlackOfWorld/NtCreateUserProcess - A small NtCreateUserProcess PoC that spawns a Command prompt.
Cracked5pider/KaynLdr - KaynLdr is a Reflective Loader written in C/ASM
HavocFramework/Modules - Modules used by the Havoc Framework
thefLink/DeepSleep - A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
boku7/azureOutlookC2 - Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Micro
NUL0x4C/KnownDllUnhook - Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs
trustedsec/CS-Remote-OPs-BOF -
janoglezcampos/c_syscalls - Single stub direct and indirect syscalling with runtime SSN resolving for windows.
ryan-weil/HideProcessHook - DLL that hooks the NtQuerySystemInformation API and hides a process name
comsec-group/retbleed - Arbitrary Speculative Code Execution with Return Instructions
thefLink/Hunt-Sleeping-Beacons - Aims to identify sleeping beacons
ekknod/SetWindowHookEx - Using SetWindowHookEx for preinjected DLL's
mgeeky/ElusiveMice - Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
kyleavery/AceLdr - Cobalt Strike UDRL for memory scanner evasion.
eladshamir/RPC-Backdoor - A basic emulation of an "RPC Backdoor"
endgameinc/ClrGuard -
ufrisk/MemProcFS - MemProcFS
cube0x0/SharpSystemTriggers - Collection of remote authentication triggers in C#
antonioCoco/MalSeclogon - A little tool to play with the Seclogon service
ScriptIdiot/SysmonQuiet - RDLL for Cobalt Strike beacon to silence sysmon process
TheWover/donut - Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
Yaxser/Backstab - A tool to kill antimalware protected processes
trustedsec/CS-Situational-Awareness-BOF - Situational Awareness commands implemented using Beacon Object Files
Mr-Un1k0d3r/SCShell - Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
henrypp/errorlookup - Simple tool for retrieving information about Windows errors codes.
mrexodia/TitanHide - Hiding kernel-driver for x86/x64.
pathtofile/SealighterTI - Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider
citronneur/pamspy - Credentials Dumper for Linux using eBPF
capt-meelo/NtCreateUserProcess - Minimal PoC developed as discuss in https://captmeelo.com/redteam/maldev/2022/05/10/ntcreateuserprocess.html
wavestone-cdt/EDRSandblast -
winsiderss/systeminformer - A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.co
synacktiv/Radmin3-Password-Cracker - Radmin Server 3 credentials dumper/cracker
outflanknl/C2-Tool-Collection - A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
praetorian-inc/PortBender - TCP Port Redirection Utility
fortra/nanodump - The swiss army knife of LSASS dumping
dzzie/SCDBG - note: current build is VS_LIBEMU project. This cross platform gcc build is for Linux users but is no longer updated. modification of the libemu sctest project to add basic debugger capabilities and mo
ScarredMonk/SysmonSimulator - Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules by Blue teams.
Sysinternals/SysinternalsEBPF - The Linux port of the Sysinternals Sysmon tool.
Sysinternals/SysmonForLinux -
boku7/BokuLoader - A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
topotam/PetitPotam - PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
phra/PEzor - Open-Source Shellcode & PE Packer
antonioCoco/RoguePotato - Another Windows Local Privilege Escalation from Service Account to System
antonioCoco/RemotePotato0 - Windows Privilege Escalation from User to Domain Admin.
Mr-Un1k0d3r/EDRs -
outflanknl/Dumpert - LSASS memory dumper using direct system calls and API unhooking.
Mr-Un1k0d3r/RedTeamCCode - Red Team C code repo
CiscoCXSecurity/linikatz - linikatz is a tool to attack AD on UNIX
Spacial/awesome-csirt - Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.
bats3c/shad0w - A post exploitation framework designed to operate covertly on heavily monitored environments
AFLplusplus/AFLplusplus - The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
hfiref0x/SyscallTables - Windows NT x64 Syscall tables
hfiref0x/WinObjEx64 - Windows Object Explorer 64-bit
hfiref0x/KDU - Kernel Driver Utility
TH3xACE/SUDO_KILLER - A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
openresty/headers-more-nginx-module - Set, add, and clear arbitrary output headers in NGINX http servers
yarrick/iodine - Official git repo for iodine dns tunnel
ufrisk/pcileech - Direct Memory Access (DMA) Attack Software
gentilkiwi/kekeo - A little toolbox to play with Microsoft Kerberos in C
a0rtega/pafish - Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
hfiref0x/UACME - Defeating Windows User Account Control
robertdavidgraham/masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
hashcat/hashcat - World's fastest and most advanced password recovery utility
ntop/nDPI - Open Source Deep Packet Inspection Software Toolkit
gentilkiwi/mimikatz - A little tool to play with Windows security
VirusTotal/yara - The pattern matching swiss knife

C#

leftp/DPAPISnoop - A C# tool to output crackable DPAPI hashes from user MasterKeys
trailofbits/RpcInvestigator - Exploring RPC interfaces on Windows
DragoQCC/HardHatC2 - A C# Command & Control framework
dr4k0nia/tooling-playground - A collection of small scripts and tools for deobfuscation and malware analysis.
gh0x0st/wanderer - An open-source process injection enumeration tool written in C#
CCob/ThreadlessInject - Threadless Process Injection using remote function hooking.
cyberark/PipeViewer - A tool that shows detailed information about named pipes in Windows
vu-ls/Crassus -
xpn/WAMBam - Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post
FuzzySecurity/StandIn - StandIn is a small .NET35/45 AD post-exploitation toolkit
Dec0ne/ShadowSpray - A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.
AnErrupTion/LoGiC.NET - A more advanced free and open .NET obfuscator using dnlib.
mandiant/SharPersist -
h4wkst3r/SharPersist - Windows Persistence Toolkit in C#
X-C3LL/SharpNTLMRawUnHide - C# version of NTLMRawUnHide
rasta-mouse/MinHook.NET - A C# port of the MinHook API hooking library
HackmichNet/AzTokenFinder -
antonioCoco/RunasCs - RunasCs - Csharp and open version of windows builtin runas.exe
CCob/BeaconEye - Hunts out CobaltStrike beacons and logs operator command output
roobixx/EventLogForRedTeams - Simple PoC from Malicious Payload Injection from Windows Event Log Entry
daem0nc0re/TangledWinExec - PoCs and tools for investigation of Windows process execution techniques
kagurazakasanae/Mhyprot2DrvControl - A lib that allows using mhyprot2 driver for enum process modules, r/w process memory and kill process.
CCob/SharpBlock - A method of bypassing EDR's active projection DLL's by preventing entry point exection
med0x2e/GadgetToJScript - A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.
plackyhacker/Shellcode-Injection-Techniques - A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload. I will be building this project up as I learn, discover or develop more techniques. Some tec
TheWover/DInvoke - Dynamically invoke arbitrary unmanaged code from managed code without PInvoke.
cyberark/RPCMon - RPC Monitor tool based on Event Tracing for Windows
eladshamir/BadWindowsService - An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities
Flangvik/TeamFiltration - TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts
xforcered/SCMKit - Source Code Management Attack Toolkit
PwnDexter/SharpEDRChecker - Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, install
Flangvik/SharpExfiltrate - Modular C# framework to exfiltrate loot over secure and trusted channels.
nettitude/SharpWSUS -
0xthirteen/MoveKit - Cobalt Strike kit for Lateral Movement
pkb1s/SharpAllowedToAct - Computer object takeover through Resource-Based Constrained Delegation (msDS-AllowedToActOnBehalfOfOtherIdentity)
mitchmoser/SharpShares - Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain
3lp4tr0n/BeaconHunter - Detect and respond to Cobalt Strike beacons using ETW.
mgeeky/Stracciatella - OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup
mgeeky/SharpWebServer - Red Team oriented C# Simple HTTP & WebDAV Server with Net-NTLM hashes capture functionality
rvrsh3ll/SharpPrinter - Discover Printers
vivami/SauronEye - Search tool to find specific files containing specific words, i.e. files containing passwords..
djhohnstein/WireTap - .NET 4.0 Project to interact with video, audio and keyboard hardware.
nettitude/MalSCCM -
tyranid/oleviewdotnet - A .net OLE/COM viewer and inspector to merge functionality of OleView and Test Container
veler/DevToys - A Swiss Army knife for developers.
Bl4ckM1rror/ZombieThread -
vletoux/PingCastleCloud - Audit program for AzureAD
matterpreter/OffensiveCSharp - Collection of Offensive C# Tooling
rasta-mouse/TikiTorch - Process Injection
bats3c/ADCSPwn - A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service.
GhostPack/Koh - The Token Stealer
GhostPack/KeeThief - Methods for attacking KeePass 2.X databases, including extracting of encryption key material from memory.
Semperis/GoldenGMSA - GolenGMSA tool for working with GMSA passwords
improsec/SharpEventPersist - Persistence by writing/reading shellcode from Event Log
Group3r/Group3r - Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did.
BloodHoundAD/SharpHound - C# Data Collector for BloodHound
S3cur3Th1sSh1t/SharpNamedPipePTH - Pass the Hash to a named pipe for token Impersonation
cube0x0/MiniDump - C# Lsass parser
cube0x0/SharpMapExec -
cube0x0/KrbRelay - Framework for Kerberos relaying
Dec0ne/KrbRelayUp - KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
Mayyhem/SharpSCCM - A C# utility for interacting with SCCM
Mr-Un1k0d3r/ADHuntTool - official repo for the AdHuntTool (part of the old RedTeamCSharpScripts repo)
dev-2null/ADCollector - A lightweight tool to quickly extract valuable information from the Active Directory environment for both attacking and defending.
FatRodzianko/SharpBypassUAC - C# tool for UAC bypasses
GhostPack/SharpUp - SharpUp is a C# port of various PowerUp functionality.
SnaffCon/Snaffler - a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
eladshamir/Whisker - Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.
GhostPack/SharpDPAPI - SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.
CCob/SweetPotato - Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
t3hbb/DefenderCheck - Identifies the bytes that Microsoft Defender flags on.
TheWover/CertStealer - A .NET tool for exporting and importing certificates without touching disk.
dnSpyEx/dnSpy - Unofficial revival of the well known .NET debugger and assembly editor, dnSpy
mandiant/ADFSDump -
improsec/ImproHound - Identify the attack paths in BloodHound breaking your AD tiering
S3cur3Th1sSh1t/SharpImpersonation - A User Impersonation tool - via Token or Shellcode injection
Kevin-Robertson/Inveigh - .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
GhostPack/SharpWMI - SharpWMI is a C# implementation of various WMI functionality.
GhostPack/Certify - Active Directory certificate abuse.
GhostPack/ForgeCert - "Golden" certificates
S3cur3Th1sSh1t/RDPThiefInject - RDPThief donut shellcode inject into mstsc
GetRektBoy724/SharpUnhooker - C# Based Universal API Unhooker
mkaring/ConfuserEx - An open-source, free protector for .NET applications
juliourena/SharpNoPSExec - Get file less command execution for lateral movement.
WithSecureLabs/physmem2profit - Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
3xpl01tc0d3r/ProcessInjection - This program is designed to demonstrate various process injection techniques
Apr4h/CobaltStrikeScan - Scan files or process memory for CobaltStrike beacons and parse their configuration
carlospolop/PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
GhostPack/Rubeus - Trying to tame the three-headed dog.
bats3c/EvtMute - Apply a filter to the events being reported by windows event logging
odedshimon/BruteShark - Network Analysis Tool
bohops/SharpRDPHijack - A POC Remote Desktop (RDP) session hijack utility for disconnected sessions
anthemtotheego/SharpExec -
RythmStick/AMSITrigger - The Hunt for Malicious Strings
cobbr/SharpSploit - SharpSploit is a .NET post-exploitation library written in C#
GhostPack/Seatbelt - Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
vletoux/pingcastle - PingCastle - Get Active Directory Security at 80% in 20% of the time
PowerShell/PowerShell - PowerShell for every system!
zodiacon/EtwExplorer - View ETW Provider manifest
mvelazc0/PurpleSharp - PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
pwntester/ysoserial.net - Deserialization payload generator for a variety of .NET formatters
icsharpcode/ILSpy - .NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!
malcomvetter/CSExec - An implementation of PSExec in C#
mandiant/SilkETW -
MichaelGrafnetter/DSInternals - Directory Services Internals (DSInternals) PowerShell Module and Framework
mRemoteNG/mRemoteNG - mRemoteNG is the next generation of mRemote, open source, tabbed, multi-protocol, remote connections manager.
FuzzySecurity/Sharp-Suite - Also known by Microsoft as Knifecoat 🌶️

C++

thefLink/Hunt-Weird-Syscalls - ETW based POC to identify direct and indirect syscalls
zeroperil/HookDump - Security product hook detection
zer0condition/ReverseKit - x64 Dynamic Reverse Engineering Toolkit
ghostpepper108/Evasion -
AdamOron/PatchGuardBypass - Bypassing PatchGuard on modern x64 systems
itm4n/PPLmedic - Dump the memory of any PPL with a Userland exploit chain
br-sn/CheekyBlinder - Enumerating and removing kernel callbacks using signed vulnerable drivers
TheD1rkMtr/HeapCrypt - Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap
zesiar0/MyPsExec - demo PsExec
ZeroMemoryEx/Amsi-Killer - Lifetime AMSI bypass
Processus-Thief/UnhookingDLL - This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hollowing
iovisor/bpftrace - High-level tracing language for Linux eBPF
Dec0ne/HWSyscalls - HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
Cobalt-Strike/CallStackMasker - A PoC implementation for dynamically masking call stacks with timers.
PI-Defender/pi-defender - Kernel Security driver used to block past, current and future process injection techniques on Windows Operating System.
binderlabs/DirCreate2System - Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting
klezVirus/SilentMoonwalk - PoC Implementation of a fully dynamic call stack spoofer
PL-V/Firefox-Grabber - Grab Firefox post requests by hooking PR_Write function from nss3.dll module using trampoline hook to get passwords and emails of users
Sh0ckFR/Lockbit3.0-MpClient-Defender-PoC - Lockbit3.0 Microsoft Defender MpClient.dll DLL Hijacking PoC
trickster0/CReadMemory - Read Memory without ReadProcessMemory for Current Process
hoangprod/AndrewSpecial - AndrewSpecial, dumping lsass' memory stealthily and bypassing "Cilence" since 2019.
jackullrich/syscall-detect - PoC capable of detecting manual syscalls from usermode.
rad9800/TamperingSyscalls -
gmh5225/CallMeWin32kDriver - Load your driver like win32k.sys
rad9800/WTSRM - WTSRM
antonioCoco/JuicyPotatoNG - Another Windows Local Privilege Escalation from Service Account to System
hasherezade/pe-bear - Portable Executable reversing tool with a friendly GUI
dennisbabkin/InjectAll - Tutorial that demonstrates how to code a Windows driver to inject a custom DLL into all running processes. I coded it from start to finish using C++ and x86/x64 Assembly language in Microsoft Visual S
deepinstinct/Lsass-Shtinkering -
forrest-orr/moneta - Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs
thesecretclub/SandboxBootkit - Bootkit for Windows Sandbox to disable DSE/PatchGuard.
mgeeky/ShellcodeFluctuation - An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents
BSI-Bund/RdpCacheStitcher - RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
poweradminllc/PAExec - Remote execution, like PsExec
notdodo/adduser-dll - Simple DLL that add a user to the local Administrators group
aahmad097/AlternativeShellcodeExec - Alternative Shellcode Execution Via Callbacks
hackerhouse-opensource/iscsicpl_bypassUAC - UAC bypass for x64 Windows 7 - 11
mgeeky/ThreadStackSpoofer - Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.
zodiacon/TotalRegistry - Total Registry - enhanced Registry editor/viewer
horsicq/DIE-engine - DIE engine
x64dbg/ScyllaHide - Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide
RedCursorSecurityConsulting/PPLKiller - Tool to bypass LSA Protection (aka Protected Process Light)
Wh04m1001/IDiagnosticProfileUAC -
pathtofile/Sealighter - Sysmon-Like research tool for ETW
APTortellini/unDefender - Killing your preferred antimalware by abusing native symbolic links and NT paths.
0x09AL/RdpThief - Extracting Clear Text Passwords from mstsc.exe using API Hooking.
silverf0x/RpcView - RpcView is a free tool to explore and decompile Microsoft RPC interfaces
zeronetworks/rpcfirewall -
microsoft/krabsetw - KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.
S3cur3Th1sSh1t/MultiPotato -
deepinstinct/LsassSilentProcessExit - Command line interface to dump LSASS memory to disk via SilentProcessExit
mpgn/BackupOperatorToDA - From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller
pwn1sher/KillDefender - A small POC to make defender useless by removing its token privileges and lowering the token integrity
GossiTheDog/HiveNightmare - Exploit allowing you to read registry hives as non-admin on Windows 10 and 11
jxy-s/herpaderping - Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
jthuraisamy/TelemetrySourcerer - Enumerate and disable common sources of telemetry used by AV/EDR.
Sysinternals/ProcMon-for-Linux - Procmon is a Linux reimagining of the classic Procmon tool from the Sysinternals suite of tools for Windows. Procmon provides a convenient and efficient way for Linux developers to trace the syscall a
Sysinternals/ProcDump-for-Linux - A Linux version of the ProcDump Sysinternals tool
hasherezade/pe-sieve - Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
zeek/zeek - Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
osquery/osquery - SQL powered operating system instrumentation, monitoring, and analytics.

CSS

palantir/phishcatch - A browser extension and API server for detecting corporate password use on external websites
thewhiteh4t/seeker - Accurately Locate Smartphones using Social Engineering
FuzzySecurity/Fermion - Fermion, an electron wrapper for Frida & Monaco.
trustedsec/SysmonCommunityGuide - TrustedSec Sysinternals Sysmon Community Guide
rmusser01/Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
adobe-fonts/source-code-pro - Monospaced font family for user interface and coding environments
juliocesarfort/public-pentesting-reports - A list of public penetration test reports published by several consulting firms and academic security groups.

Go

slyd0g/WhiteChocolateMacademiaNut - Interact with Chromium-based browsers' debug port to view open tabs, installed extensions, and cookies
M00NLIG7/ChopChopGo - Rapidly Search and Hunt through Linux Forensics Artifacts
quarkslab/kdigger - Kubernetes focused container assessment and context discovery tool for penetration testing
inguardians/peirates - Peirates - Kubernetes Penetration Testing tool
anchore/grype - A vulnerability scanner for container images and filesystems
aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
iovisor/kubectl-trace - Schedule bpftrace programs on your kubernetes cluster using the kubectl
Rolix44/Kubestroyer - Kubernetes exploitation tool
cilium/hubble - Hubble - Network, Service & Security Observability for Kubernetes using eBPF
kubeshark/kubeshark - The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and cluste
BloodHoundAD/AzureHound - Azure Data Exporter for BloodHound
owasp-amass/amass - In-depth Attack Surface Mapping and Asset Discovery
optiv/Freeze - Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
HavocFramework/Havoc - The Havoc Framework.
lkarlslund/ldapnomnom - Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)
trufflesecurity/trufflehog - Find and verify credentials
deepfence/YaraHunter - 🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍
pathtofile/commandline_cloaking - A collection of projects demonstrating various commandline cloaking techniques on Linux
DataDog/stratus-red-team - ☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud
yarox24/EvtxHussar - Initial triage of Windows Event logs
lkarlslund/Adalanche - Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)
optiv/Ivy - Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatical access in the VBA object environment t
liamg/traitor - ⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
moonD4rk/HackBrowserData - Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。
C-Sto/gosecretsdump - Dump ntds.dit really fast
FourCoreLabs/EDRHunt - Scan installed EDRs and AVs on Windows
optiv/ScareCrow - ScareCrow - Payload creation framework designed around EDR bypass.
kgretzky/evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Velocidex/velociraptor - Digging Deeper....
ropnop/kerbrute - A tool to perform Kerberos pre-auth bruteforcing
drk1wi/Modlishka - Modlishka. Reverse Proxy.
rclone/rclone - "rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Wasabi, Google Cloud Storage, Yandex Files

HCL

Stefan-H/zero-to-splunk-cluster -
BlueTeamLabs/sentinel-attack - Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

HTML

strandjs/IntroLabs - These are the labs for my Intro class. Yes, this is public. Yes, this is intentional.
madhuakula/kubernetes-goat - Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
rapid7/insightconnect-workflows - Community workflows for the InsightConnect SOAR product
jiep/offensive-ai-compilation - A curated list of useful resources that cover Offensive AI.
ninoseki/mihari - A tool for OSINT based threat hunting
f/awesome-chatgpt-prompts - This repo includes ChatGPT prompt curation to use ChatGPT better.
blueteamvillage/Project-Obsidian-DC30 -
JPCERTCC/ToolAnalysisResultSheet - Tool Analysis Result Sheet
AndrewRathbun/DFIRArtifactMuseum - The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifact validation processes as well as increase access to artifacts
AaronDinnage/Licensing - Microsoft 365 licensing diagrams
sbousseaden/EVTX-ATTACK-SAMPLES - Windows Events Attack Samples
clong/DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
GTFOBins/GTFOBins.github.io - GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
TedGoas/Cerberus - A few simple, but solid patterns for responsive HTML email templates and newsletters. Even in Outlook and Gmail.

Haskell

koalaman/shellcheck - ShellCheck, a static analysis tool for shell scripts

Inno Setup

mentebinaria/retoolkit - Reverse Engineer's Toolkit

Java

NationalSecurityAgency/ghidra - Ghidra is a software reverse engineering (SRE) framework
frohoff/ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

JavaScript

elizabethsiegle/finetune-openai-model - you can add in your own data in .jsonl file!
splunk/splunk-app-examples - App examples for Splunk Enterprise
vogler/free-games-claimer - Automatically claims free games on the Epic Games Store, Amazon Prime Gaming and GOG.
StrangerealIntel/CyberThreatIntel - Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups
horsicq/Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
center-for-threat-informed-defense/attack-powered-suit - ATT&CK Powered Suit is a browser extension that puts the complete MITRE ATT&CK® knowledge base at your fingertips with text search, context menus, and ATT&CK Navigator integration.
beefproject/beef - The Browser Exploitation Framework Project
eth0izzle/shhgit - Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.
Smile4ever/Neat-URL - Neat URL cleans URLs, removing parameters such as Google Analytics' utm parameters.
mrd0x/BITB - Browser In The Browser (BITB) Templates
seynur/DA-ESS-MitreContent - MITRE ATT&CK Framework compliance dashboard and correlation searches that works with Splunk Enterprise Security and ES Content Update
gchq/CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
h5bp/html5-boilerplate - A professional front-end template for building fast, robust, and adaptable web apps or sites.

Jinja

splunk/attack_range - A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk

Jupyter Notebook

Azure/MDEASM-Solutions - Solutions developed by the MDEASM Customer Experience Engineering (CxE) Go-To Production (GTP) team for Azure MDEASM
Azure/Azure-Sentinel-Notebooks - Interactive Azure Sentinel Notebooks provides security insights and actions to investigate anomalies and hunt for malicious behaviors.
ageron/handson-ml3 - A series of Jupyter notebooks that walk you through the fundamentals of Machine Learning and Deep Learning in Python using Scikit-Learn, Keras and TensorFlow 2.
GhostPack/Invoke-Evasion - PowerShell Obfuscation and Data Science
fox-it/cobaltstrike-beacon-data - Open Dataset of Cobalt Strike Beacon metadata (2018-2022)
Cyb3r-Monk/RITA-J - Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.
mitre-attack/attack-datasources - This content is analysis and research of the data sources currently listed in ATT&CK.
Cyb3r-Monk/Threat-Hunting-and-Detection - Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
Azure/Azure-Sentinel - Cloud-native SIEM for intelligent security analytics for your entire enterprise.
microsoft/Microsoft-365-Defender-Hunting-Queries - Sample queries for Advanced hunting in Microsoft 365 Defender

Lua

ntop/ntopng - Web-based Traffic and Security Network Traffic Monitoring

Makefile

frida/frida - Clone this repo to build Frida

Nim

chvancooten/NimPlant - A light-weight first-stage C2 implant written in Nim.

Objective-C

objective-see/DylibHijackScanner - Scan your computer for applications that are either susceptible to dylib hijacking or have been hijacked.

Others

h33tlit/secret-regex-list - List of regex for scraping secret API keys and juicy information.
darkquasar/AIMOD2 - Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proactively identify, engage and prevent cyber threats denying or mi
Wack0/bitlocker-attacks - A list of public attacks on BitLocker
cckuailong/awesome-gpt-security - A curated list of awesome security tools, experimental case or other interesting things with LLM or GPT.
fortinet-fortisoar/solution-pack-soar-framework -
rod-trent/SentinelKQL - Azure Sentinel KQL
forcesunseen/llm-hackers-handbook - A guide to LLM hacking: fundamentals, prompt injection, offense, and defense
hardenedvault/bootkit-samples - Bootkit sample for firmware attack
t3l3machus/PowerShell-Obfuscation-Bible - A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion, compiled for educational purposes. The contents of this repository ar
jsecurity101/MSRPC-to-ATTACK - A repository that maps commonly used attacks using MSRPC protocols to ATT&CK
VirtualAlllocEx/AV-EPP-EDR-Windows-API-Hooking-List - Depending on the AV/EDR we will check which Windows APIs are hooked by the AV/EDR
chaugan/Splunk-Autodoc - Auto documentation tool for Splunk Alerts
LearningKijo/KQL - Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.
rung/threat-matrix-cicd - Threat matrix for CI/CD Pipeline
jatrost/awesome-kubernetes-threat-detection - A curated list of resources about detecting threats and defending Kubernetes systems.
The-DFIR-Report/Sigma-Rules - Rules generated from our investigations.
nmantani/archiver-MOTW-support-comparison -
dracula/notepad-plus-plus - 🧛🏻‍♂️ Dark theme for Notepad++
Klimdy/Splunk-tiered-deployment-server - Configuration files for create a tiered deployment server
tsale/Sigma_rules - Random sigma rules to share with the community
jsecurity101/TelemetrySource -
CMEPW/BypassAV - This map lists the essential techniques to bypass anti-virus and EDR
mdecrevoisier/Splunk-input-windows-baseline - Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE Att&CK
Octoberfest7/CS_Uploads_Tracker - Aggressor script add-in for CobaltStrike to track file uploads
fastfire/deepdarkCTI - Collection of Cyber Threat Intelligence sources from the deep and dark web
certsocietegenerale/IRM - Incident Response Methodologies 2022
wiz-sec-public/peach-framework - PEACH - a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, by managing the attack surface exposed by user interfaces.
SecurityRiskAdvisors/VECTR - VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
0x90n/InfoSec-Black-Friday - All the deals for InfoSec related software/tools this Black Friday
chocolatecoat/DFIR-Templates - Incident Response documents and tooling
Neo23x0/Talks - Slides of my public talks
olafhartong/Presentations - My conference presentations
super0xbad1dea/SysmonVersions -
specterops/presentations - SpecterOps Presentations
0xsyr0/OSCP - OSCP Cheat Sheet
fox-it/dissect - Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part
huntandhackett/sysmon-indepth - Understanding the operation and limitations of Sysmon's events
inodee/threathunting-spl - Splunk code (SPL) for serious threat hunters and detection engineers.
wietze/HijackLibs - Project for tracking publicly disclosed DLL Hijacking opportunities.
ocsf/ocsf-schema - OCSF Schema
Bert-JanP/Hunting-Queries-Detection-Rules - KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
NotSoSecure/password_cracking_rules - One rule to crack all passwords. or atleast we hope so.
DanielpFR/MDI -
rod-trent/SentinelPlaybooks -
pe3zx/my-infosec-awesome - My curated list of awesome links, resources and tools on infosec related topics
rod-trent/MustLearnKQL - Code included as part of the MustLearnKQL blog series
persistence-info/persistence-info.github.io -
olafhartong/ThreatHunting - A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
OlivierLaflamme/Cheatsheet-God - Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
onceupon/Bash-Oneliner - A collection of handy Bash One-Liners and terminal tricks for data processing and Linux system maintenance.
InQuest/awesome-yara - A curated list of awesome YARA rules, tools, and people.
hasherezade/pe-bear-releases - PE-bear (builds only)
Purp1eW0lf/Blue-Team-Notes - You didn't think I'd go and leave the blue team out, right?
AndrewRathbun/DFIRMindMaps - A repository of DFIR-related Mind Maps geared towards the visual learners!
ch33r10/EnterprisePurpleTeaming - Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study by Xena Olsen.
HackingLZ/ExtractedDefender -
RistBS/Awesome-RedTeam-Cheatsheet - Red Team Cheatsheet in constant expansion.
splunk/TA-microsoft-365-defender-advanced-hunting-add-on -
ihebski/A-Red-Teamer-diaries - RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Cyber-Guy1/API-SecurityEmpire - API Security Project aims to present unique attack & defense methods in API Security field
scythe-io/purple-team-exercise-framework - Purple Team Exercise Framework
reprise99/kql-for-dfir - A guide to using Azure Data Explorer and KQL for DFIR
jsa2/kql - KQL for Azure Resource Manager and AppID search
0x4D31/awesome-threat-detection - ✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️
wsummerhill/CobaltStrike_RedTeam_CheatSheet - Useful Cobalt Strike techniques learned from engagements
Sh0ckFR/DLLirant - DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary.
bohops/UltimateWDACBypassList - A centralized resource for previously documented WDAC bypass techniques
nasbench/EVTX-ETW-Resources - Event Tracing For Windows (ETW) Resources
jangeisbauer/AdvancedHunting - Advanced Hunting Queries for Microsoft Security Products
curated-intel/CTI-fundamentals - A collection of papers, blogs, and resources that make up the quintessential aspects of cyber threat intelligence
eshlomo1/Azure-AD-Incident-Response - Azure AD Incident Response
Ignitetechnologies/Credential-Dumping - This cheatsheet is aimed at the Red Teamers to help them understand the fundamentals of Credential Dumping (Sub Technique of Credential Access) with examples. There are multiple ways to perform the sa
palantir/alerting-detection-strategy-framework - A framework for developing alerting and detection strategies for incident response.
fabacab/awesome-cybersecurity-blueteam - 💻🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
vestjoe/cobaltstrike_services - AutoStart teamserver and listeners with services
dweinstein/awesome-frida - Awesome Frida - A curated list of Frida resources http://www.frida.re/ (https://github.com/frida/frida)
N7WEra/BofAllTheThings - Creating a repository with all public Beacon Object Files (BoFs)
BC-SECURITY/Malleable-C2-Profiles - Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike & Empire.
gtworek/Priv2Admin - Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.
Cobalt-Strike/Malleable-C2-Profiles - Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt
offensive-security/exploitdb - The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb
ZephrFish/Bloodhound-CustomQueries - Custom Queries - Brought Up to BH4.1 syntax
bfuzzy1/auditd-attack - A Linux Auditd rule set mapped to MITRE's Attack Framework
abbodi1406/vcredist - AIO Repack for latest Microsoft Visual C++ Redistributable Runtimes
vysecurity/DomainFrontingLists - A list of Domain Frontable Domains by CDN
imran-parray/Mind-Maps - Mind-Maps of Several Things
mdecrevoisier/Microsoft-eventlog-mindmap - Set of Mindmaps providing a detailed overview of the different #Microsoft auditing capacities for Windows, Exchange, Azure,...
reprise99/Sentinel-Queries - Collection of KQL queries
Neo23x0/sysmon-config - Sysmon configuration file template with default high-quality event tracing
aws-samples/aws-incident-response-playbooks -
outflanknl/HelpColor - Agressor script that lists available Cobalt Strike beacon commands and colors them based on their type
rucam/defender-comparison -
OTRF/OSSEM-CDM - OSSEM Common Data Model
austinsonger/Incident-Playbook - GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
MHaggis/sysmon-dfir - Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
swisscom/splunk-addon-powershell - Splunk Add-on for PowerShell provides field extraction for PowerShell event logs.
microsoft/MicrosoftDefenderForEndpoint-PowerBI - A repo for sample MDATP Power BI Templates
Iveco/xknow_infosec - Random Stuff for Cyber Security Incident Response
correlatedsecurity/Awesome-SOAR - A curated Cyber "Security Orchestration, Automation and Response (SOAR)" awesome list.
hausec/Bloodhound-Custom-Queries - Custom Query list for the Bloodhound GUI based off my cheatsheet
xenoscr/Useful-BloodHound-Queries - A collection of Neo4j/BloodHound queries to collect interesting information.
threatexpress/malleable-c2 - Cobalt Strike Malleable C2 Design and Reference Guide
marcusbakker/KQL - Kusto Query Language
Flangvik/SharpCollection - Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
EricZimmerman/KapeFiles - This repository serves as a place for community created Targets and Modules for use with KAPE.
zer0yu/Awesome-CobaltStrike - CobaltStrike的相关资源汇总 / List of Awesome CobaltStrike Resources
FalconForceTeam/FalconFriday - Hunting queries and detections
S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet - A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
imthenachoman/How-To-Secure-A-Linux-Server - An evolving how-to guide for securing a Linux server.
microsoft/MSRC-Security-Research - Security Research from the Microsoft Security Response Center (MSRC)
teoseller/osquery-attck - Mapping the MITRE ATT&CK Matrix with Osquery
RedDrip7/APT_Digital_Weapon - Indicators of compromise (IOCs) collected from public resources and categorized by Qi-AnXin.
sbousseaden/Slides - Misc Threat Hunting Resources
blaCCkHatHacEEkr/PENTESTING-BIBLE - articles
S3cur3Th1sSh1t/Pentest-Tools -
tanprathan/MobileApp-Pentest-Cheatsheet - The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
wsargent/docker-cheat-sheet - Docker Cheat Sheet
S3cur3Th1sSh1t/Amsi-Bypass-Powershell - This repo contains some Amsi Bypass methods i found on different Blog Posts.
Neo23x0/auditd - Best Practice Auditd Configuration
misterch0c/what_is_this_c2 - For all these times you're asking yourself "what is this panel again?"
wtsxDev/reverse-engineering - List of awesome reverse engineering resources
michalmalik/linux-re-101 - A collection of resources for linux reverse engineering
Voorivex/pentest-guide - Penetration tests guide based on OWASP including test cases, resources and examples.
mattnotmax/cyberchef-recipes - A list of cyber-chef recipes and curated links
snoopysecurity/awesome-burp-extensions - A curated list of amazingly awesome Burp Extensions
infosecn1nja/AD-Attack-Defense - Attack and defend active directory using modern post exploitation adversary tradecraft activity
palantir/osquery-configuration - A repository for using osquery for incident detection and response
SwiftOnSecurity/sysmon-config - Sysmon configuration file template with default high-quality event tracing
infosecn1nja/Red-Teaming-Toolkit - This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
shieldfy/API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
cugu/awesome-forensics - A curated list of awesome forensic analysis tools and resources
yeyintminthuhtut/Awesome-Red-Teaming - List of Awesome Red Teaming Resources
jivoi/awesome-osint - 😱 A curated list of amazingly awesome OSINT
meirwah/awesome-incident-response - A curated list of tools for incident response
aloisdg/awesome-regex - A curated collection of awesome Regex libraries, tools, frameworks and software
iCHAIT/awesome-macOS -  A curated list of awesome applications, softwares, tools and shiny things for macOS.
hslatman/awesome-threat-intelligence - A curated list of Awesome Threat Intelligence resources
h5bp/server-configs-nginx - Nginx HTTP server boilerplate configs
enaqx/awesome-pentest - A collection of awesome penetration testing resources, tools and other shiny things
veggiemonk/awesome-docker - 🐳 A curated list of Docker resources and projects

PHP

fuzzdb-project/fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
MISP/MISP - MISP (core software) - Open Source Threat Intelligence and Sharing Platform
danielmiessler/SecLists - SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensi

Pascal

DarkCoderSc/SubSeven - SubSeven Legacy Official Source Code Repository
cheat-engine/cheat-engine - Cheat Engine. A development environment focused on modding
diversenok/TokenUniverse - An advanced tool for working with access tokens and Windows security policy.
0xsp-SRD/mortar - evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)

Perl

samyk/slipstream - NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim’s NAT/firewall, just by anyone on the victim's network visiting a website
major/MySQLTuner-perl - MySQLTuner is a script written in Perl that will assist you with your MySQL configuration and make recommendations for increased performance and stability.

PowerShell

tsale/EDR-Telemetry - This project aims to compare and evaluate the telemetry of various EDR products.
d4rksystem/VMwareCloak - A PowerShell script that attempts to help malware analysts hide their VMware Windows VM's from malware that may be trying to evade analysis.
namazso/physmem_drivers - A collection of various vulnerable (mostly physical memory exposing) drivers.
vectra-ai-research/MAAD-AF - MAAD Attack Framework - An attack tool for simple, fast & effective security testing of M365 & Azure AD.
TrimarcJake/Locksmith - A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services
microsoft/mde-api-gui - Simple GUI for Microsoft Defender for Endpoint API machine actions in PowerShell.
thalpius/Microsoft-Defender-for-Identity-Auditing-Checker-using-Sentinel -
JoelGMSec/AzureGraph - Azure AD enumeration over MS Graph
admindroid-community/powershell-scripts - Office 365 Reporting PowerShell Scripts
csandker/Azure-AccessPermissions -
olafhartong/sysmon-parser - Automatically generated Sysmon parser for Azure Sentinel
olafhartong/MDE-AuditCheck - MDE relies on some of the Audit settings to be enabled
Cyberlorians/MDE -
NextronSystems/evtx-baseline - A repository hosting example goodware evtx logs containing sample software installation and basic user interaction
ANSSI-FR/ADTimeline - Timeline of Active Directory changes with replication metadata
eshlomo1/MS-Defender-4-xOPS -
rvrsh3ll/Misc-Powershell-Scripts - Random Tools
Mr-Un1k0d3r/ATP-PowerShell-Scripts - Microsoft Signed PowerShell scripts
mattifestation/AntimalwareBlight - Execute PowerShell code at the antimalware-light protection level.
LuccaSA/PingCastle-Notify - Monitor your PingCastle scans to highlight the rule diff between two scans
microsoft/Microsoft-Defender-for-Identity - Additional resources to improve customer experience with Microsoft Defender for Identity
dwmetz/QuickPcap - A quick and easy PowerShell script to collect a packet trace with option to convert .etl to .pcap.
gtworek/PSBits - Simple (relatively) things allowing you to dig a bit deeper than usual.
mattifestation/WDACTools - A PowerShell module to facilitate building, configuring, deploying, and auditing Windows Defender Application Control (WDAC) policies
tobor88/PowerShell-Red-Team - Collection of PowerShell functions a Red Teamer may use in an engagement
BloodHoundAD/BARK - BloodHound Attack Research Kit
silverhack/monkey365 - Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Azure Active Directory security configuration reviews.
last-byte/PersistenceSniper - Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Made with ❤️ by @last0x00 and @dottor_morte
mgeeky/ProtectMyTooling - Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts watermarking, IOCs collection & PE Backdooring. You feed it with
Johnng007/Live-Forensicator - Powershell Script to aid Incidence Response and Live Forensics | Bash Script for MacOS Live Forensics and Incidence Response
VirtualAlllocEx/Payload-Download-Cradles - This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.
vanvfields/Microsoft-365 - Scripts to help configure Microsoft 365
NetSPI/MicroBurst - A collection of scripts for assessing Microsoft Azure security
darkquasar/AzureHunter - A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
mgeeky/Penetration-Testing-Tools - A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.
R3MRUM/PSDecode - PowerShell script for deobfuscating encoded PowerShell scripts
invictus-ir/Microsoft-Extractor-Suite - A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
AustralianCyberSecurityCentre/windows_event_logging - Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.
cventour/PoSH - Random Powershell scripts
treebuilder/aad-sso-enum-brute-spray - POC of SecureWorks' recent Azure Active Directory password brute-forcing vuln
nyxgeek/o365recon - retrieve information via O365 and AzureAD with a valid cred
PowerShellMafia/PowerSploit - PowerSploit - A PowerShell Post-Exploitation Framework
mamun-sec/dfirt - Collect information of Windows PC when doing incident response
nsacyber/Event-Forwarding-Guidance - Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber
rvrsh3ll/TokenTactics - Azure JWT Token Manipulation Toolset
eshlomo1/Microsoft-365 - Microsoft 365 Stuff and scripts for IT and Security
blackhillsinfosec/EventLogging - Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.
airbus-cert/Invoke-Bof - Load any Beacon Object File using Powershell!
mgeeky/cobalt-arsenal - My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
enjoiz/Privesc - Windows batch script that finds misconfiguration issues which can lead to privilege escalation.
danielbohannon/Invoke-Obfuscation - PowerShell Obfuscator
mandiant/Mandiant-Azure-AD-Investigator -
eshlomo1/Microsoft-Sentinel-SecOps - Microsoft Sentinel SOC Operations
microsoft/MSTIC-Sysmon - Anything Sysmon related from the MSTIC R&D team
SNGWN/Burp-Suite - || Activate Burp Suite Pro with Key-Generator and Key-Loader ||
rootsecdev/Azure-Red-Team - Azure Security Resources and Notes
Gerenios/AADInternals - AADInternals PowerShell module for administering Azure AD and Office 365
hak5/bashbunny-payloads - The Official Bash Bunny Payload Repository
hausec/PowerZure - PowerShell framework to assess Azure security
BloodHoundAD/Legacy-AzureHound.ps1 -
Azure/Enterprise-Scale - The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organiza
GhostPack/PSPKIAudit - PowerShell toolkit for AD CS auditing based on the PSPKI toolkit.
S3cur3Th1sSh1t/Invoke-SharpLoader -
S3cur3Th1sSh1t/NamedPipePTH - Pass the Hash to a named pipe for token Impersonation
redcanaryco/invoke-atomicredteam - Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the atomics folder of Red Canary's Atomic Red Team proj
Cloud-Architekt/AzureAD-Attack-Defense - This publication is a collection of various common attack scenarios on Azure Active Directory and how they can be mitigated or detected.
Azure/Microsoft-Defender-for-Cloud - Welcome to the Microsoft Defender for Cloud community repository
redcanaryco/AtomicTestHarnesses - Public Repo for Atomic Test Harness
mattifestation/PowerShellArsenal - A PowerShell Module Dedicated to Reverse Engineering
dafthack/MFASweep - A tool for checking if MFA is enabled on multiple Microsoft Services
cyberark/RiskySPN - Detect and abuse risky SPNs
microsoft/New-KrbtgtKeys.ps1 - This script will enable you to reset the krbtgt account password and related keys while minimizing the likelihood of Kerberos authentication issues being caused by the operation.
lazywinadmin/PowerShell - PowerShell functions and scripts (Azure, Active Directory, SCCM, SCSM, Exchange, O365, ...)
jokezone/Update-Sysmon - This repository was created to aid in the deployment/maintenance of the Sysmon service on a large number of computers.
S3cur3Th1sSh1t/PowerSharpPack -
PowerFeature/WT64 - A Commodore 64 Skin for Windows Terminal
itm4n/PrivescCheck - Privilege Escalation Enumeration Script for Windows
alexverboon/MDATP - Microsoft 365 Defender - Resource Hub
davidprowe/BadBlood - BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. A
NetSPI/PowerUpSQL - PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
adbertram/Random-PowerShell-Work - Random PowerShell Work
S3cur3Th1sSh1t/Creds - Some usefull Scripts and Executables for Pentest & Forensics
S3cur3Th1sSh1t/WinPwn - Automation for internal Windows Penetrationtest / AD-Security
BC-SECURITY/Empire - Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
mantvydasb/RedTeaming-Tactics-and-Techniques - Red Teaming Tactics and Techniques
OTRF/Security-Datasets - Re-play Security Events
sans-blue-team/DeepBlueCLI -
EvotecIT/PSWinReporting - This PowerShell Module has multiple functionalities, but one of the signature features of this module is the ability to parse Security logs on Domain Controllers providing easy to use access to AD Eve
hlldz/Phant0m - Windows Event Log Killer
NotMedic/NetNTLMtoSilverTicket - SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket
davehull/Kansa - A Powershell incident response framework
olafhartong/sysmon-modular - A repository of sysmon configuration modules
BloodHoundAD/BloodHound - Six Degrees of Domain Admin
redcanaryco/atomic-red-team - Small and highly portable detection tests based on MITRE's ATT&CK.
dafthack/MailSniper - MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can b

Python

l4rm4nd/LinkedInDumper - Python 3 script to dump company employees from LinkedIn API
GreyDGL/PentestGPT - A GPT-empowered penetration testing tool
Azure-Samples/azure-search-openai-demo - A sample app for the Retrieval-Augmented Generation pattern running in Azure, using Azure Cognitive Search for retrieval and Azure OpenAI large language models to power ChatGPT-style and Q&A experien
infosecB/LOOBins - Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes.
TheHive-Project/Cortex-Analyzers - Cortex Analyzers Repository
rod-trent/OpenAISecurity - Scripts and Content for working with Open AI
greycatsec/cookienapper - Python tool for kidnapping Chrome cookies from a MacOS target
Laokoon-SecurITy/Cortex-XDR-Config-Extractor - Cortex XDR Config Extractor
microsoft/JARVIS - JARVIS, a system to connect LLMs with ML community. Paper: https://arxiv.org/pdf/2303.17580.pdf
nasbench/Misc-Research - A collection of tools, scripts and personal research
microsoft/TaskMatrix -
dgtlmoon/changedetection.io - The best and simplest free open source website change detection, restock monitor and notification service. Restock Monitor, change detection. Designed for simplicity - Simply monitor which websites ha
magicsword-io/LOLDrivers - Living Off The Land Drivers
carta/krang - Knowledge Report Alert & Normalization Generator
XiaoliChan/wmiexec-Pro - New generation of wmiexec.py
FalconForceTeam/FalconForge - This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deploying a repository of use-cases for the Sentinel and Microsoft 365
wealthsimple/odef - This is a public template repository for the Open Detection Engineering Framework
cisagov/untitledgoosetool - Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure A
krdmnbrk/play-with-splunk -
MzHmO/psexec_noinstall - Repository contains psexec, which will help to exploit the forgotten pipe
aquasecurity/kube-hunter - Hunt for security weaknesses in Kubernetes clusters
cyberark/KubiScan - A tool to scan Kubernetes cluster for risky permissions
mgreen27/DetectRaptor - A repository to share publicly available Velociraptor detection content
tothi/serviceDetector - Detect whether a service is installed (blindly) and/or running (if exposing named pipes) on a remote machine without using local admin privileges.
Neo23x0/yaraQA - YARA rule analyzer to improve rule quality and performance
mxrch/GHunt - 🕵️‍♂️ Offensive Google framework.
secureworks/family-of-client-ids-research - Research into Undocumented Behavior of Azure AD Refresh Tokens
splunk-soar-connectors/office365 -
trustedsec/orpheus - Bypassing Kerberoast Detections with Modified KDC Options and Encryption Types
t3l3machus/Villain - Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among conn
Eilonh/s3crets_scanner -
GhostManager/Ghostwriter - The SpecterOps project management and reporting engine
welldone-cloud/aws-list-resources -
h4wkst3r/InvisibilityCloak - Proof-of-concept obfuscation toolkit for C# post-exploitation tools
microsoft/msticpy - Microsoft Threat Intelligence Security Tools
Qianlitp/WatchAD - AD Security Intrusion Detection System
MWR-CyberSec/PXEThief - PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager
Oros42/IMSI-catcher - This program show you IMSI numbers of cellphones around you.
antonioCoco/SharPyShell - SharPyShell - tiny and obfuscated ASP.NET webshell for C# web applications
Ge0rg3/requests-ip-rotator - A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
xRET2pwn/Teamsniper - Teamsniper is a tool for fetching keywords in a Microsoft Teams such as (passwords, emails, database, etc.).
WazeHell/sam-the-admin - Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
splunk/melting-cobalt - A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object
mgeeky/PackMyPayload - A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats. Supports: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, VHDX
markernest0/splunkdefeat - Splunk Enterprise SDK for Python wrapper for red teams
c3c/ADExplorerSnapshot.py - ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.
post-cyberlabs/Offensive_tools -
ANSSI-FR/bmc-tools - RDP Bitmap Cache parser
ConsciousHacker/WFH -
threatexpress/cs2modrewrite - Convert Cobalt Strike profiles to modrewrite scripts
microsoft/fluentui-emoji - A collection of familiar, friendly, and modern emoji from Microsoft
mgeeky/RedWarden - Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation
Azure/Stormspotter - Azure Red Team tool for graphing Azure and Azure Active Directory objects
janoglezcampos/DeathSleep - A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution.
t3l3machus/hoaxshell - A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.
decompiler-explorer/decompiler-explorer - Decompiler Explorer! Compare tools on the forefront of static analysis, now in your web browser!
cve-search/cve-search - cve-search - a tool to perform local searches for known vulnerabilities
sa7mon/S3Scanner - Scan for open S3 buckets and dump the contents
nccgroup/ScoutSuite - Multi-Cloud Security Auditing Tool
thilles/TA-microsoft-365-defender-threat-vulnerability-add-on -
p0dalirius/DumpSMBShare - A script to dump files and folders remotely from a Windows SMB share.
p0dalirius/windows-coerced-authentication-methods - A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.
p0dalirius/Coercer - A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
ly4k/Certipy - Tool for Active Directory Certificate Services enumeration and abuse
WillOram/AzureAD-incident-response - Notes on responding to security breaches relating to Azure AD
ShutdownRepo/smartbrute - Password spraying and bruteforcing tool for Active Directory Domain Services
ustayready/fireprox - AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation
dirkjanm/ldapdomaindump - Active Directory information dumper via LDAP
n00py/LAPSDumper - Dumping LAPS from Python
TarlogicSecurity/kerbrute - An script to perform kerberos bruteforcing by using impacket
splunk/splunk-ansible - Ansible playbooks for configuring and managing Splunk Enterprise and Universal Forwarder deployments
dirkjanm/krbrelayx - Kerberos unconstrained delegation abuse toolkit
FalconForceTeam/SysWhispers2BOF - Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs
bigb0sss/RedTeam-OffensiveSecurity - Tools & Interesting Things for RedTeam Ops
threatexpress/random_c2_profile - Cobalt Strike random C2 Profile generator
0xZDH/o365spray - Username enumeration and password spraying tool aimed at Microsoft O365.
carlospolop/hacktricks - Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
blacklanternsecurity/MANSPIDER - Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!
ramen0x3f/AggressorScripts -
fox-it/dissect.cobaltstrike - Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
klezVirus/SysWhispers3 - SysWhispers on Steroids - AV/EDR evasion via direct system calls.
Mr-Un1k0d3r/PowerLessShell - Run PowerShell command without invoking powershell.exe
AlessandroZ/LaZagne - Credentials recovery project
0xInfection/Awesome-WAF - 🔥 Web-application firewalls (WAFs) from security standpoint.
dievus/Oh365UserFinder - Python3 o365 User Enumeration Tool
ihebski/DefaultCreds-cheat-sheet - One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
jklepsercyber/defender-detectionhistory-parser - A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.
p0dalirius/LDAPmonitor - Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
HashPals/Name-That-Hash - 🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a neat web app 🔥
ly4k/PrintNightmare - Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527)
Orange-Cyberdefense/arsenal - Arsenal is just a quick inventory and launcher for hacking programs
sinwindie/OSINT - Collections of tools and methods created to aid in OSINT collection
google/timesketch - Collaborative forensic timeline analysis
secretsquirrel/SigThief - Stealing Signatures and Making One Invalid Signature at a Time
murchisd/splunk_pstree_app - Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1)
Sentinel-One/CobaltStrikeParser -
ticarpi/jwt_tool - 🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens
3CORESec/SIEGMA - SIEGMA - Transform Sigma rules into SIEM consumables
klezVirus/chameleon - PowerShell Script Obfuscator
initstring/cloud_enum - Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
1132719438/starred - creating your own Awesome List by GitHub stars!
alertmanager/alert_manager - Splunk Alert Manager with advanced reporting on alerts, workflows (modify assignee, status, severity) and auto-resolve features
atc-project/atc-react - A knowledge base of actionable Incident Response techniques
OTRF/OSSEM-DM - OSSEM Detection Model
OTRF/OSSEM-DD - OSSEM Data Dictionaries
ricardojoserf/adfsbrute - A script to test credentials against Active Directory Federation Services (ADFS), allowing password spraying or bruteforce attacks.
RealityNet/attack-coverage - an excel-centric approach for the MITRE ATT&CK® Tactics and Techniques
DidierStevens/DidierStevensSuite - Please no pull requests for this repository. Thanks!
phantomcyber/playbooks - Phantom Community Playbooks
beurtschipper/Depix - Recovers passwords from pixelized screenshots
krabelize/icmpdoor - ICMP Reverse Shell written in Python 3 and with Scapy (backdoor/rev shell)
fox-it/BloodHound.py - A Python based ingestor for BloodHound
skelsec/pypykatz - Mimikatz implementation in pure Python
nidem/kerberoast -
Ben0xA/HoneyCreds - HoneyCreds network credential injection to detect responder and other network poisoners.
dirkjanm/ROADtools - A collection of Azure AD tools for offensive and defensive security purposes
splunk/attack_data - A repository of curated datasets from various attacks
TheresAFewConors/Sooty - The SOC Analysts all-in-one CLI tool to automate and speed up workflow.
x90skysn3k/brutespray - Brute-Forcing from Nmap output - Automatically attempts default creds on found services.
sleventyeleven/linuxprivchecker - linuxprivchecker.py -- a Linux Privilege Escalation Check Script
alexandreborges/malwoverview - Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, Threa
Hackndo/lsassy - Extract credentials from lsass remotely
intelowlproject/IntelOwl - Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
nyxgeek/ntlmscan - scan for NTLM directories
mandiant/capa - The FLARE team's open-source tool to identify capabilities in executable files.
elastic/detection-rules - Rules for Elastic Security's detection engine
mufeedvh/basecrack - Decode All Bases - Base Scheme Decoder
PlumHound/PlumHound - Bloodhound for Blue and Purple Teams
0xC01DF00D/Collabfiltrator - Exfiltrate blind remote code execution output over DNS via Burp Collaborator.
dirkjanm/mitm6 - pwning IPv4 via IPv6
splunk/security_content - Splunk Security Content
byt3bl33d3r/SprayingToolkit - Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient
0x4D31/fatt - FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic
ForensicArtifacts/artifacts - Digital Forensics Artifact Repository
mitre/caldera - Automated Adversary Emulation Platform
adhorn/chaos-ssm-documents - Collection of AWS SSM Documents to perform Chaos Engineering experiments
volatilityfoundation/volatility3 - Volatility 3.0 development
maurosoria/dirsearch - Web path scanner
ReFirmLabs/binwalk - Firmware Analysis Tool
log2timeline/plaso - Super timeline all the things
mitre-attack/car - Cyber Analytics Repository
bitsadmin/wesng - Windows Exploit Suggester - Next Generation
marcurdy/dfir-toolset - Dump of organized knowledge on DFIR
OWASP/CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
JonathanSalwan/ROPgadget - This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC, MIPS, RISC-V 64, and
OTRF/OSSEM - Open Source Security Events Metadata (OSSEM)
dirkjanm/PrivExchange - Exchange your privileges for Domain Admin privs by abusing Exchange
lgandx/Responder - Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication
FortyNorthSecurity/EyeWitness - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
google/grr - GRR Rapid Response: remote live forensics for incident response
mandiant/flare-floss - FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
volatilityfoundation/volatility - An advanced memory forensics framework
elceef/dnstwist - Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
wifiphisher/wifiphisher - The Rogue Access Point Framework
salesforce/ja3 - JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
demisto/content - Demisto is now Cortex XSOAR. Automate and orchestrate your Security Operations with Cortex XSOAR's ever-growing Content Repository. Pull Requests are always welcome and highly appreciated!
SigmaHQ/sigma - Main Sigma Rule Repository
Porchetta-Industries/CrackMapExec - A swiss army knife for pentesting networks
OTRF/ThreatHunter-Playbook - A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
JPCERTCC/LogonTracer - Investigate malicious Windows logon by visualizing and analyzing Windows event log
quentinhardy/odat - ODAT: Oracle Database Attacking Tool
xmendez/wfuzz - Web application fuzzer
Veil-Framework/Veil - Veil 3.1.X (Check version info in Veil at runtime)
AlessandroZ/BeRoot - Privilege Escalation Project - Windows / Linux / Mac
secdev/scapy - Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
sqlmapproject/sqlmap - Automatic SQL injection and database takeover tool
andresriancho/w3af - w3af: web application attack and audit framework, the open source web vulnerability scanner.
swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
mitmproxy/mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
fortra/impacket - Impacket is a collection of Python classes for working with network protocols.
trustedsec/social-engineer-toolkit - The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
fail2ban/fail2ban - Daemon to ban hosts that cause multiple authentication errors

Rich Text Format

decalage2/oletools - oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

Roff

palantir/windows-event-forwarding - A repository for using windows event forwarding for incident detection and response

Ruby

Hackplayers/evil-winrm - The ultimate WinRM shell for hacking/pentesting
rapid7/metasploit-framework - Metasploit Framework

Rust

Kudaes/Bin-Finder - Detect EDR's exceptions by inspecting processes' loaded modules
Yamato-Security/hayabusa - Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
0x192/universal-android-debloater - Cross-platform GUI written in Rust using ADB to debloat non-rooted android devices. Improve your privacy, the security and battery life of your device.
mufeedvh/pdfrip - A multi-threaded PDF password cracking utility equipped with commonly encountered password format builders and dictionary attacks.
WithSecureLabs/chainsaw - Rapidly Search and Hunt through Windows Forensic Artefacts

SCSS

rabobank-cdc/DeTTECT - Detect Tactics, Techniques & Combat Threats

Scala

TheHive-Project/TheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform

Shell

edoardottt/awesome-hacker-search-engines - A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
jgasmussen/Linux-Baseline-and-Forensic-Triage-Tool - Linux Baseline and Forensic Triage Tool - BETA
arget13/DDexec - A technique to run binaries filelessly and stealthily on Linux by "overwriting" the shell's process with another.
MichaelCade/90DaysOfDevOps - I am using this repository to document my journey learning about DevOps. I began this process on January 1, 2022, and plan to continue until March 31. I will be dedicating one hour each day, including
IvanGlinkin/AutoSUID - AutoSUID application is the Open-Source project, the main idea of which is to automate harvesting the SUID executable files and to find a way for further escalating the privileges.
IvanGlinkin/shellDAVpass - shellDAVpass application is the Open-Source project, the main idea of which is to bypass the defender and AntiVirus detections to conduct a non interactive reverse shell to execute the Windows command
zephrax/linux-pam-backdoor - Linux PAM Backdoor
tclahr/uac - UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, O
extremeshok/clamav-unofficial-sigs - ClamAV Unofficial Signatures Updater maintained by eXtremeSHOK.com
scopatz/nanorc - Improved Nano Syntax Highlighting Files
diego-treitos/linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels
ukncsc/lme - Logging Made Easy
CISOfy/lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
toniblyx/my-arsenal-of-aws-security-tools - List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
rebootuser/LinEnum - Scripted Local Linux Enumeration & Privilege Escalation Checks
The-Z-Labs/linux-exploit-suggester - Linux privilege escalation auditing tool
zardus/ctf-tools - Some setup scripts for security research tools.
h5bp/server-configs-apache - Apache HTTP server boilerplate configs

Swift

sametsazak/mergen - Mergen is an open-source, native macOS application for auditing and checking the security of your MacOS.
redcanaryco/mac-monitor - Red Canary Mac Monitor is an advanced, stand-alone system monitoring tool tailor-made for macOS security research. Beginning with Endpoint Security (ES), it collects and enriches system events, displa

TypeScript

mttaggart/wtfbins - WTF are these binaries doing?! A list of benign applications that mimic malicious behavior.
cisagov/RedEye - RedEye is a visual analytic tool supporting Red & Blue Team operations
fingerprintjs/fingerprintjs - Browser fingerprinting library. Compared to Fingerprint Pro has limited accuracy (40 - 60%), but is fully open source.

VBA

S3cur3Th1sSh1t/OffensiveVBA - This repo covers some code execution and AV Evasion methods for Macros in Office documents

XSLT

LOLBAS-Project/LOLBAS - Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

YARA

GossiTheDog/ThreatHunting - Tools for hunting for threats.
elastic/protections-artifacts - Elastic Security detection content for Endpoint
Neo23x0/signature-base - YARA signature and IOC database for my scanners and tools
nsacyber/Mitigating-Web-Shells - Guidance for mitigation web shells. #nsacyber
Yara-Rules/rules - Repository of yara rules

Name		Name	Last commit message	Last commit date
Latest commit History 122 Commits
screenshots		screenshots
M365D_Splunk_TA_microsoft-cloudservices_fieldaliases.md		M365D_Splunk_TA_microsoft-cloudservices_fieldaliases.md
M365D_tables.md		M365D_tables.md
README.md		README.md

Iveco/xknow_infosec

Folders and files

Latest commit

History

Repository files navigation

Github recommendations

Assembly

AutoIt

Batchfile

Boo

C

C#

C++

CSS

Go

HCL

HTML

Haskell

Inno Setup

Java

JavaScript

Jinja

Jupyter Notebook

Lua

Makefile

Nim

Objective-C

Others

PHP

Pascal

Perl

PowerShell

Python

Rich Text Format

Roff

Ruby

Rust

SCSS

Scala

Shell

Swift

TypeScript

VBA

XSLT

YARA

About

Resources

Stars

Watchers

Forks