marcosValle / Awesome Windows Red Team
Licence: mit
A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams
Stars: ✭ 308
Awesome Windows Red Team
A curated list of awesome Windows talks, tools and resources for Red Teams, from beginners to ninjas.
Contents
- Books
- Courses
- System Architecture
- Lateral Movement
- Privilege Escalation
- Defense Evasion
- Exfiltration
- PowerShell
- Phishing
- Tools
Books
- Windows Internals, Seventh Edition, Part 1
- Windows Internals, Sixth Edition, Part 1
- Windows Internals, Sixth Edition, Part 2
- How to Hack Like a PORNSTAR: A step by step process for breaking into a BANK
- Windows® via C/C++ (Developer Reference) (English Edition)
- The Hacker Playbook 3: Practical Guide To Penetration Testing
Courses
- Professor Messer's CompTIA SY0-501 Security+ Course
- Penetration Testing with Kali (PWK) Online Security Training Course
- Offensive Security Certified Expert
- Advanced Windows Exploitation: Live Hands-on Penetration Testing Training
- Windows API Exploitation Recipes: Processes, Tokens and Memory RW
- Powershell for Pentesters - Pentester Academy
- WMI Attacks and Defense - Pentester Academy
- Windows Red Team Lab - Pentester Academy
System Architecture
Active Directory
- ADsecurity.org
- DerbyCon4 - How to Secure and Sys Admin Windows like a Boss
- DEFCON 20: Owned in 60 Seconds: From Network Guest to Windows Domain Admin
- BH2015 - Red Vs. Blue: Modern Active Directory Attacks, Detection, And Protection
- BH2016 - Beyond the Mcse: Active Directory for the Security Professional
- BH2017 - Evading Microsoft ATA for Active Directory Domination
- DEFCON 26 - Exploiting Active Directory Administrator Insecurities
- BH2017 - An ACE Up the Sleeve: Designing Active Directory DACL Backdoors
- DerbyCon7 - Building the DeathStar: getting Domain Admin with a push of a button (aka how I almost automated myself out of a job)
- DerbyCon4 - Abusing Active Directory in Post Exploitation
Kerberos
- Kerberos (I): How does Kerberos work? – Theory
- Protecting Privileged Domain Accounts: Network Authentication In-Depth
- Basic attacks on communication protocols – replay and reflection attacks
- MicroNugget: How Does Kerberos Work?
- MIT 6.858 Fall 2014 Lecture 13: Kerberos
- DerbyCon4 - Et tu Kerberos
- DerbyCon7 - Return From The Underworld The Future Of Red Team Kerberos
- BH2014 - Abusing Microsoft Kerberos: Sorry You Guys Don't Get It
- DerbyCon4 - Attacking Microsoft Kerberos Kicking the Guard Dog of Hades
- Kerberos in the Crosshairs: Golden Tickets, Silver Tickets, MITM, and More
- How Attackers Use Kerberos Silver Tickets to Exploit Systems
Lsass SAM NTLM GPO
- Retrieving NTLM Hashes without touching LSASS: the “Internal Monologue” Attack
- ATT&CK - Credential Dumping
- BH2002 - Cracking NTLMv2 Authentication
- DerbyCon7 - Securing Windows with Group Policy
- Abusing GPO Permissions
- Targeted Kerberoasting
WinAPI
Lateral Movement
Pass the Hash
- ATT&CK - Pass the Hash
- BH2013 - Pass the Hash and other credential theft and reuse: Preventing Lateral Movement...
- BH2013 - Pass the Hash 2: The Admin's Revenge
- From Pass-the-Hash to Pass-the-Ticket with No Pain
- Pass-the-Hash Is Dead: Long Live LocalAccountTokenFilterPolicy
Pass the Ticket
LLMNR/NBT-NS poisoning
Privilege Escalation
- Level Up! Practical Windows Privilege Escalation - Andrew Smith
- Windows Privilege Escalation Presentation
- Windows Kernel Exploits
- DEF CON 22 - Kallenberg and Kovah - Extreme Privilege Escalation On Windows 8/UEFI Systems
- DEF CON 25 - Morten Schenk - Taking Windows 10 Kernel Exploitation to the next level
- DerbyCon7 - Not a Security Boundary Bypassing User Account Control
Token Impersonation
Defense Evasion
AV
- DerbyCon3 - Antivirus Evasion Lessons Learned
- DerbyCon7 - T110 Modern Evasion Techniques
- DerbyCon7 - Evading Autoruns
- Red Team Techniques for Evading, Bypassing & Disabling MS
- How to Bypass Anti-Virus to Run Mimikatz
- AV Evasion - Obfuscating Mimikatz
- Getting PowerShell Empire Past Windows Defender
AMSI
- Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’
- [Antimalware Scan Interface (AMSI) — A Red Team Analysis on Evasion](https://iwantmore.pizza/posts/amsi.html)
LAPS
AppLocker & Application Whitelisting
Exfiltration
- Abusing Windows Management Instrumentation (WMI)
- DEF CON 23 - Panel - WhyMI so Sexy: WMI Attacks - Real Time Defense and Advanced Forensics
- DerbyCon3 - Living Off The Land A Minimalist's Guide To Windows Post Exploitation
PowerShell
- DEF CON 18 - David Kennedy "ReL1K" & Josh Kelley - Powershell...omfg
- DEF CON 22 - Investigating PowerShell Attacks
- DerbyCon2016 - 106 PowerShell Secrets and Tactics Ben0xA
- Daniel Bohannon – Invoke-Obfuscation: PowerShell obFUsk8tion
- BH2017 - Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science
Phishing
Maldocs
Macros
DDE
- About Dynamic Data Exchange
- Abusing Microsoft Office DDE
- Microsoft Office Dynamic Data Exchange(DDE) attacks
- Office-DDE-Payloads
HTA
Tools
Adversary Emulation
Other Awesome Lists & sources
- Awesome Red Teaming
- Red Teaming Toolkit
- Red Team Infrastructure Wiki
- Awesome Pentest
- Red Teaming Experiments
Contributing
Your contributions are always welcome! Please take a look at the contribution guidelines first.
If you have any question about this opinionated list, do not hesitate to contact me @_mvalle_ on Twitter or open an issue on GitHub.