Lists (32)
AD/ADCS
AdversarySimulation
AMSI and ETW
APT / Threat Intel
asm windows
AV
AWS/Azure/Microsoft GraphAPI/GCP
C/cpp
C#/ps1
C2
COM
DevSecOps, identity-focused tools
Dll hijacking
EDR
🔮 Future ideas
go
InitialAccess
IR and Forensics
Linux kernel and macOS repo
LSASS | CG | PPL | Kernel Callback
MalwareAnalysis&RE
Resources related to Malware Analysis and RE
Offensive AI
OSINT
Pentest/Exploitation
post exp
RedTeam
SAAS/Oauth/PurpleTeam
shellcode
threatDetect
UAC Bypass
Win Platform Security feature
Credential Guard | CFG | PatchGuard | DSE
Windows Kernel driver
Starred repositories
Adversary tradecraft detection, protection, and hunting
A collection of intel and usernames scraped from various cybercrime sources & forums. DarkForums, HackForums, Patched, Cracked, BreachForums, LeakBase, & more
Browser extension for reverse image search, available for Chrome, Edge and Safari
Helping defenders learn and validate npm supply-chain detections with safe atomic tests.
Educational proof-of-concept demonstrating DEP/NX bypass using hardware breakpoints, vectored exception handling, and instruction emulation on Windows x64. For security research and learning purpos…
Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑…
Purpleteam scripts simulation & Detection - trigger events for SOC detections
Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI
A POC Windows crypto-ransomware (Academic). Now Ransom:Win32/MauriCrypt.MK!MTB
Program for determining types of files for Windows, Linux and MacOS.
A library for creating, reading and editing PE files and .NET modules.
Easy XOR string encryption for NET based binaries
Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
Collection of powershell scripts I used to complete my CARTP and CARTE courses.
Fully decrypt App-Bound Encrypted (ABE) cookies, passwords & payment methods from Chromium-based browsers (Chrome, Brave, Edge) - all in user mode, no admin rights required.
User-mode code and its companion rootkit that kill EDR processes permanently by registering a process-creation-blocking kernel callback routine and calling ZwTerminateProcess.
A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.
MeshAgent used along with MeshCentral to remotely manage computers. Many variations of the background management agent are included as binaries in the MeshCentral project.
Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
BloodyAD is an Active Directory Privilege Escalation Framework
Simple and fast anti-censorship tool written in Go