Displaying 1 to 12 from 12 results

LOLBAS - Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

  •    XSLT

There are currently three different lists. The goal of these lists are to document every binary, script and library that can be used for Living Off The Land techniques.

LogonTracer - Investigate malicious Windows logon by visualizing and analyzing Windows event log

  •    Python

LogonTracer is a tool to investigate malicious logon by visualizing and analyzing Windows Active Directory event logs. This tool associates a host name (or an IP address) and account name found in logon-related events and displays it as a graph. This way, it is possible to see in which account login attempt occurs and which host is used. This tool can visualize the following event id related to Windows logon based on this research. LogonTracer uses PageRank, Hidden Markov model and ChangeFinder to detect malicious hosts and accounts from event log. With LogonTracer, it is also possible to display event logs in a chronological order.


  •    HTML

GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions. Browse the project here.

PlumHound - Bloodhound for Blue and Purple Teams

  •    Python

Released as Proof of Concept for Blue and Purple teams to more effectively use BloodHoundAD in continual security life-cycles by utilizing the BloodHoundAD pathfinding engine to identify Active Directory security vulnerabilities resulting from business operations, procedures, policies and legacy service operations. PlumHound operates by wrapping BloodHoundAD's powerhouse graphical Neo4J backend cypher queries into operations-consumable reports. Analyzing the output of PlumHound can steer security teams in identifying and hardening common Active Directory configuration vulnerabilities and oversights.

gray_hat_csharp_code - This repository contains full code examples from the book Gray Hat C#

  •    CSharp

This repository contains fully-fleshed out code examples from the book Gray Hat C#. In this book, a wide variety of security oriented tools and libraries will be written using the C# programming language, allowing for cross-platform automation of the most crucial aspects of a security engineer's roles in a modern organization. Many of the topics will also be highly useful for hobbyists and security enthusiasts who are looking to gain more experience with common security concepts and tools with real world examples for both offensive and defensive purposes. We cover a broad slice of concepts a modern security engineer must be familiar with, starting with a brief introduction to the C# language. After the introduction, we focus on fuzzing web application vulnerabilities and writing exploits for them. This is followed by C# payloads for pentesters to use for remote command execution and persistence. Then, we move onto security tool automation using true APIs, not just calling programs from the system shell. Finally, we focus on reverse engineering and forensics in the final chapters.

MalwarePersistenceScripts - A collection of scripts I've written to help red and blue teams with malware persistence techniques

  •    PowerShell

A collection of scripts I've written to help red and blue teams with malware persistence techniques. I take no responsibility for how they're used. These are techniques that I regularly use to ensure that my agents can survive reboots. Majority of my persistence scripts are written in PowerShell since it's an excuse for me to learn it. May these scripts help you evade many a blue team.

MalwLess - Test Blue Team detections without running any attack.

  •    CSharp

MalwLess is an open source tool that allows you to simulate system compromise or attack behaviours without running processes or PoCs. The tool is designed to test Blue Team detections and SIEM correlation rules. It provides a framework based on rules that anyone can write, so when a new technique or attack comes out you can write your own rules and share it a with the community. These rules can simulate Sysmon or PowerShell events. MalwLess can parse the rules and write them directly to the Windows EventLog, then you can foward it to your event collector.

macOS-ATTACK-DATASET - JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.


JSON DATASET for macOS mapped to MITRE ATT&CK Techniques and Tactics recorded using Elastic Endpoint Security for macOS. N.B. for community contributions any forms of logs collection and formats are acceptable (preference for JSON).

kathe - A GUI/REST interface to find similarities in large sets (think: binaries). Based on ssdeep.

  •    Javascript

If you click the HTTP 200 code, it will open a new tab for you to the successful response that generated the graph. I found this sometimes comes in handy. For what kathe is, how it works and why I bothered building it, I kindly refer you to My slides for Bsides Cymru 2019.

Deploy-Deception - A PowerShell module to deploy active directory decoy objects.

  •    PowerShell

Import the module in the current PowerShell session. Use the script with dot sourcing.

We have large collection of open source products. Follow the tags from Tag Cloud >>

Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.