An Information Security Reference That Doesn't Suck
Tags: infosec infosec-reference reverse-engineering hacking pentesting penetration-testing references privilege-escalation exfiltration information-security blueteam red-team osx forensics hacking-simulator privilege-escalation-exploits mitre-attack-db

There are currently three different lists. The goal of these lists is to document every binary, script and library that can be used for Living Off The Land techniques.
Tags: lolbins lolscripts redteam blueteam purpleteam dfir living-off-the-land

LogonTracer is a tool to investigate malicious logons by visualizing and analyzing Windows Active Directory event logs. This tool associates a host name (or an IP address) and account name found in logon-related events and displays them as a graph. This way, it is possible to see which account a login attempt occurs under and which host is used. This tool can visualize the following event IDs related to Windows logon based on this research. LogonTracer uses PageRank, a Hidden Markov model and ChangeFinder to detect malicious hosts and accounts from event logs. With LogonTracer, it is also possible to display event logs in chronological order.
Tags: visualization security active-directory dfir event-log python-3 blueteam

Brought to you by Active Countermeasures. RITA is an open source framework for network traffic analysis.
Tags: rita network-traffic threat scanning offensive-countermeasures bro-ids blueteam security logs analytics analysis bhis beacon beacon-sniffer dns dns-tunneling dga

GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions. Browse the project here.
Tags: post-exploitation unix bypass gtfobins binaries reverse-shell bind-shell exfiltration redteam blueteam

Released as a proof of concept for Blue and Purple teams to more effectively use BloodHoundAD in continual security life-cycles by utilizing the BloodHoundAD pathfinding engine to identify Active Directory security vulnerabilities resulting from business operations, procedures, policies and legacy service operations. PlumHound operates by wrapping BloodHoundAD's powerhouse graphical Neo4j backend Cypher queries into operations-consumable reports. Analyzing the output of PlumHound can steer security teams in identifying and hardening common Active Directory configuration vulnerabilities and oversights.
Tags: neo4j directory active-directory bloodhound active infosec blueteam purpleteam bloodhoundad bloodhoundad-cypher-queries purple-teams plumhound-tasks bloodhoundad-pathfinding-engine bluehound attack-paths

This repository contains fully fleshed-out code examples from the book Gray Hat C#. In this book, a wide variety of security-oriented tools and libraries are written using the C# programming language, allowing for cross-platform automation of the most crucial aspects of a security engineer's role in a modern organization. Many of the topics will also be highly useful for hobbyists and security enthusiasts who are looking to gain more experience with common security concepts and tools, with real-world examples for both offensive and defensive purposes. We cover a broad slice of concepts a modern security engineer must be familiar with, starting with a brief introduction to the C# language. After the introduction, we focus on fuzzing web application vulnerabilities and writing exploits for them. This is followed by C# payloads for pentesters to use for remote command execution and persistence. Then, we move on to security tool automation using true APIs, not just calling programs from the system shell. The final chapters focus on reverse engineering and forensics.
Tags: sql-injection fuzzer metasploit payload c-sharp automation mono xamarin security nessus openvas nexpose sqlmap arachni clamav cuckoo-sandbox pentesting blueteam redteam

A collection of scripts I've written to help red and blue teams with malware persistence techniques. I take no responsibility for how they're used. These are techniques that I regularly use to ensure that my agents can survive reboots. The majority of my persistence scripts are written in PowerShell since it's an excuse for me to learn it. May these scripts help you evade many a blue team.
Tags: persistence malware redteam blueteam powershell living-off-the-land

MalwLess is an open source tool that allows you to simulate system compromise or attack behaviours without running processes or PoCs. The tool is designed to test Blue Team detections and SIEM correlation rules. It provides a framework based on rules that anyone can write, so when a new technique or attack comes out, you can write your own rules and share them with the community. These rules can simulate Sysmon or PowerShell events. MalwLess can parse the rules and write them directly to the Windows Event Log; you can then forward them to your event collector.
Tags: blueteam dfir mitre-attack sysmon siem redteam powershell

JSON dataset for macOS mapped to MITRE ATT&CK techniques and tactics, recorded using Elastic Endpoint Security for macOS. N.B.: for community contributions, any form of log collection and any format are acceptable (preference for JSON).
Tags: detection threat-hunting elastic blueteam mitre-attack

If you click the HTTP 200 code, it will open a new tab for you to the successful response that generated the graph. I found this sometimes comes in handy. For what kathe is, how it works and why I bothered building it, I kindly refer you to my slides for BSides Cymru 2019.
Tags: redis malware-analysis score malware-research ssdeep blueteam malware-detection blueteaming

Import the module in the current PowerShell session. Use the script with dot sourcing.
Tags: activedirectory blueteam deception redteam