@TH3xACE (Team B3aT, Somewhere on earth)
Stars
KQL Queries. Defender for Endpoint and Azure Sentinel hunting and detection queries in KQL. Out-of-the-box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Elastic Security detection content for Endpoint
Memory Baseliner is a script that can compare two Windows memory images or perform frequency-of-occurrence / data-stacking analysis across multiple such images
A simple program to automate Microsoft OAuth device code phishing attacks.
An offense-and-defense knowledge base. A knowledge base for red teaming and offensive security.
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
A Post-exploitation Toolset for Interacting with the Microsoft Graph API
PowerShell framework to assess Azure security
coffeegist / bofhound
Forked from fortalice/bofhound. Generate BloodHound-compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel
MexHigh / Rubeus
Forked from GhostPack/Rubeus. Trying to tame the three-headed dog.
This repository is a compilation of APT simulations that target many vital sectors, both private and governmental. The simulations include written tools, C2 servers, backdoors, exploitation tech…
Swiss-army-knife web server in Go. Kept as simple as Python's SimpleHTTPServer, but with many more features
Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀
A simple, high-throughput file client for mounting an Amazon S3 bucket as a local file system.
Establishes persistence on a Linux system by creating a udev rule that triggers the execution of a specified payload (binary or script)
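The udev persistence technique listed above is one a hunter would want to check for on a host. The following is an added example, not code from that project: a small Python auditor that parses udev rule files for keys that execute something (RUN, PROGRAM, IMPORT{program}) and flags commands that reference writable or hidden directories, inline shell, or binaries outside the usual udev helper locations. The rule files and paths in SAMPLE_RULES are constructed for this example; the heuristics and trusted-prefix list are assumptions to tune per distribution.

```python
import re
import sys
from pathlib import Path
from typing import Dict, List

# Constructed sample rule files (not taken from any real system or project).
SAMPLE_RULES: Dict[str, str] = {
    # Looks like a normal helper shipped under /usr/lib/udev (path is made up).
    "60-block-helper.rules": 'ACTION=="add", SUBSYSTEM=="block", RUN+="/usr/lib/udev/example_helper %k"\n',
    # Persistence in the style described above: fire on any device add and
    # background a payload living in a hidden, world-writable directory.
    "99-update.rules": 'ACTION=="add", RUN+="/bin/sh -c \'/tmp/.cache/payload.sh &\'"\n',
    # Comment-only file, should produce nothing.
    "10-comment.rules": "# nothing to see here\n",
}

# Assumed heuristics: directories a legitimate udev helper has no business in,
# and prefixes where distro-shipped helpers normally live.
SUSPICIOUS_DIRS = ("/tmp", "/var/tmp", "/dev/shm", "/home", "/root")
TRUSTED_PREFIXES = ("/usr/lib/udev/", "/lib/udev/", "/usr/bin/", "/bin/", "/usr/sbin/", "/sbin/")

# Matches RUN, RUN{program}, PROGRAM and IMPORT{...} assignments/comparisons.
# PROGRAM== still executes the program (its exit status is the match), so
# the operator is not used to filter.
EXEC_KEY = re.compile(r'(RUN|PROGRAM|IMPORT)(\{[^}]*\})?\s*(\+=|:=|==|=)\s*"((?:[^"\\]|\\.)*)"')
INLINE_SHELL = re.compile(r'\b(sh|bash|dash)\s+-c\b')


def parse_exec_values(rule_text: str) -> List[str]:
    """Return every command string a rule file would hand to udev for execution."""
    commands: List[str] = []
    for raw in rule_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        for key, attr, _op, value in EXEC_KEY.findall(line):
            # IMPORT only executes something for IMPORT{program}; other
            # attributes (file, db, cmdline, ...) just read data.
            if key == "IMPORT" and attr != "{program}":
                continue
            commands.append(value)
    return commands


def classify(command: str) -> List[str]:
    """Return the reasons a command looks like persistence; empty list means benign."""
    reasons: List[str] = []
    parts = command.split()
    prog = parts[0] if parts else ""
    writable = next((d for d in SUSPICIOUS_DIRS if d in command), None)
    if writable:
        reasons.append(f"references writable dir {writable}")
    if "/." in command:
        reasons.append("hidden path component")
    if INLINE_SHELL.search(command):
        reasons.append("inline shell command")
    # Relative program names resolve under the udev helper directory, so only
    # absolute paths outside the trusted prefixes are flagged here.
    if prog.startswith("/") and not prog.startswith(TRUSTED_PREFIXES):
        reasons.append("program outside trusted prefixes")
    return reasons


def audit_rules(rules: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each rule file name to the list of flagged commands it contains."""
    findings: Dict[str, List[str]] = {}
    for name, text in rules.items():
        for cmd in parse_exec_values(text):
            reasons = classify(cmd)
            if reasons:
                findings.setdefault(name, []).append(f"{cmd!r}: {', '.join(reasons)}")
    return findings


def load_rules_from_disk(dirs=("/etc/udev/rules.d", "/run/udev/rules.d")) -> Dict[str, str]:
    """Read the admin- and runtime-writable rule directories (the usual drop spots)."""
    out: Dict[str, str] = {}
    for d in dirs:
        p = Path(d)
        if not p.is_dir():
            continue
        for f in sorted(p.glob("*.rules")):
            try:
                out[str(f)] = f.read_text(errors="replace")
            except OSError:
                continue
    return out


if __name__ == "__main__":
    # Run with --live to audit the real host instead of the constructed sample.
    rules = load_rules_from_disk() if "--live" in sys.argv else SAMPLE_RULES
    for name, hits in audit_rules(rules).items():
        print(name)
        for hit in hits:
            print("  ", hit)
```

Only files under /etc/udev/rules.d and /run/udev/rules.d are read by default because those are the directories a local attacker with root can write to; extend the list to /usr/lib/udev/rules.d if package integrity is also in question.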
Auto-generate an HTaccess for payload delivery -- automatically pulls ips/nets/etc from known sandbox companies/sources that have been seen before, and redirects them to a benign payload.
80+ gadgets (30 more than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and providing the backing services by starting an RMI server, an LDAP server and an HTTP server.
BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
SCCMSecrets.py aims to exploit SCCM policy distribution for credential harvesting, initial access and lateral movement.
My Notes about Penetration Testing
How to dump lsass via spoolsv with DLL side-loading.
Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!
Open Cyber Threat Intelligence Platform
RedGuard is a C2 front-end traffic control tool that can evade checks by blue teams, AVs and EDRs.
Office 365 Reporting PowerShell Scripts