Some_Pentesters_SecurityResearchers_RedTeamers
Special thanks to Peerlyst Community for mentioning me on the list (27_Influential_Penetration_Testers) but for me, "john" from Purple team [https://lnkd.in/eVfKuah] + these guys in below list are Influential Security Researchers/Pentesters/Red Teamers...
Note: in my opinion they have/had good researches & codes + videos (i learned a lot useful things from these guys), this is not all of them in my list & you can make your own list better than me ;D ...
# [off---def] Nomi Sec , (Hacker-Trends) => https://github.com/nomi-sec/Hacker-Trends
# [offensive] Nomi Sec , (PoC in GitHub) => https://github.com/nomi-sec/PoC-in-GitHub
# [offensive] Amarjit Labhuram , (Malware Development C# workshop for AfricaHackon 2021) => https://github.com/chr0n1k/AH2021Workshop
+ [offensive] @trickster012 , (OffensiveRust, weaponizing Rust for implant development and general offensive operations.) => https://github.com/trickster0/OffensiveRust
+ [offensive] @rad9800 , (TamperingSyscalls is alternative solution to direct syscalls) => https://github.com/rad9800/TamperingSyscalls
! [defensive] @thefLinkk , (Hunt-Sleeping-Beacons. Aims to identify sleeping beacons) => https://github.com/thefLink/Hunt-Sleeping-Beacons
+ [offensive] @thefLinkk , (DeepSleep. A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC) => https://github.com/thefLink/DeepSleep
+ [offensive] @frodosbon , (breakcyserver. Kill EDR Services) => https://github.com/waawaa/breakcyserver
+ [offensive] @dr4k0nia , (Origami is Packer compressing .net assemblies, (ab)using the PE format for data storage) => https://github.com/dr4k0nia/Origami
+ [offensive] @Flangvik , (SharpDllProxy. Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading => https://github.com/Flangvik/SharpDllProxy
+ [offensive] @Flangvik , (NetLoader. Loads any C# binary in mem, patching AMSI/ETW) => https://github.com/Flangvik/NetLoader
[offensive] @bishopfox , (Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing) => https://github.com/BishopFox/sliver
[defensive] LOLBAS-Project, (LOLBAS project is to document every binary, script & library that can be used for Living Off The Land techniques) => https://github.com/LOLBAS-Project/LOLBAS
[offensive] @0xrepnz , (APC Internals Research Code) => https://github.com/repnz/apc-research
[offensive] Nettitude , (PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming) => https://github.com/nettitude/PoshC2
[offensive] @waldoirc , (YouMayPasser is an x64 implementation of Gargoyle) => https://github.com/waldo-irc/YouMayPasser
[offensive] @_Wra7h , (Process Ghosting [x64 only] in C#) => https://github.com/Wra7h/SharpGhosting
[offensive] @_Wra7h , (AppRecoveryCallback Inject PoC C#) => https://github.com/Wra7h/ARCInject
[offensive] daem0nc0re , (C# Utilities for Windows Notification Facility WNF) => https://github.com/daem0nc0re/SharpWnfSuite
[offensive] @cerbersec , (loader written in C/C++ based on the Transacted Hollowing technique) => https://github.com/Cerbersec/Ares
[offensive] @daem0nc0re , (C# Tools and PoCs for Windows syscall investigation) => https://github.com/daem0nc0re/AtomicSyscall
[defensive] @winternl_t , (syscall-detect) => https://github.com/jackullrich/syscall-detect
[defensive] @slaeryan , (Detects Module Stomping as implemented by Cobalt Strike) => https://github.com/slaeryan/DetectCobaltStomp
[defensive] @_Apr4h , (CobaltStrikeScan, Scan files or process memory for CobaltStrike beacons) => https://github.com/Apr4h/CobaltStrikeScan
[defensive] Siemens Healthineers , ETWAnalyzer (Command line tool to analyze one/many ETW file/s with simple queries) => https://github.com/Siemens-Healthineers/ETWAnalyzer
[defensive] KANKOSHEV , (Detect-HiddenThread-via-KPRCB, Detect removed thread from PspCidTable) => https://github.com/KANKOSHEV/Detect-HiddenThread-via-KPRCB
[offensive] @slaeryan , FALCONSTRIKE , (About A stealthy, targeted Windows Loader for delivering second-stage payloads) => https://github.com/slaeryan/FALCONSTRIKE
[offensive] Michael Maltsev , (A global injection and hooking example) => https://github.com/m417z/global-inject-demo
[offensive] @GeorgePatsias1 , (Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion) ) => https://github.com/GeorgePatsias/ScareCrow-CobaltStrike
[offensive] F-Secure Countercept , (research on module stomping) => https://github.com/countercept/ModuleStomping
[defensive] @waldoirc , (Detect strange memory regions and DLLs ) => https://github.com/waldo-irc/MalMemDetect
[defensive] Rabobank Cyber Defence Centre , (Detect Tactics, Techniques & Combat Threats) => https://github.com/rabobank-cdc/DeTTECT
[offensive] CyberWarFare Labs , (Advanced-Process-Injection-Workshop by CyberWarFare Labs) => https://github.com/RedTeamOperations/Advanced-Process-Injection-Workshop
[offensive] @KlezVirus , (SysWhispers on Steroids - AV/EDR evasion via direct system calls) => https://github.com/klezVirus/SysWhispers3
[offensive] Mieleke Blaam , (Process-Hollowing, Great explanation of Process Hollowing [a Technique often used in Malware]) => https://github.com/m0n0ph1/Process-Hollowing
[offensive] deepsight , (C2Centipede is a POC proxy for reverse HTTP shell tools (metasploit/empire) to evade beaconing detection) => https://github.com/deepsight/C2Centipede
[offensive] Marshall Hallenbeck , (Red Team Attack Lab) => https://github.com/Marshall-Hallenbeck/red_team_attack_lab
[defensive] @jordanklepser , (defender-detectionhistory-parser, A parser of Windows Defender's DetectionHistory forensic artifact) => https://github.com/jklepsercyber/defender-detectionhistory-parser
[offensive] djhohnstein , (TSMSISrv_poc, C# POC for the SessionEnv dll hijack by utilizing called functions of TSMSISrv.dll) => https://github.com/djhohnstein/TSMSISrv_poc
[offensive] @ajpc500 , (NimlineWhispers2, A tool for converting SysWhispers2 syscalls for use with Nim projects) => https://github.com/ajpc500/NimlineWhispers2
[defensive] @ScarredMonk , (SysmonSimulator, Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs) => https://github.com/ScarredMonk/SysmonSimulator
[offensive] Paranoid Ninja , (EtwTi-Syscall-Hook, A simple program to hook the current process to identify the manual syscall executions on windows) => https://github.com/paranoidninja/EtwTi-Syscall-Hook
[offensive] AD995 , (bluffy, Convert shellcode into different formats) => https://github.com/ad-995/bluffy
[offensive] FULLSHADE , (WARFOX is a software-based HTTPS beaconing Windows implant that uses a multi-layered proxy network for C2 communications.) => https://github.com/FULLSHADE/WarFox
[offensive] John Tear , (injection technique using C# that attempts to bypass Defender) => https://github.com/plackyhacker/Suspended-Thread-Injection
[offensive] @C5pider , (KaynLdr is a Reflective Loader written in C/ASM) => https://github.com/Cracked5pider/KaynLdr
[offensive] Shai S , (Examine, create and interact with remote objects in other .NET processes) => https://github.com/theXappy/RemoteNET
[offensive] John Tear , (Another method for unhooking AV/EDR) => https://github.com/plackyhacker/Peruns-Fart
[offensive] John Tear , (spoof the command line when spawning a new process from C#) => https://github.com/plackyhacker/CmdLineSpoofer
[offensive] 0xsp-SRD , (mortar, evasion technique to defeat and divert detection and prevention of security products AV/EDR/XDR) => https://github.com/0xsp-SRD/mortar
[offensive] mobdk , (zCore, Optimized version, Nt/ZwProtectVirtualMemory has been removed with every syscall) => https://github.com/mobdk/zCore
[offensive] mobdk , (CloneProcess, Clone running process with ZwCreateProcess) => https://github.com/mobdk/CloneProcess
[offensive] John Tear , (Shellcode-Encryptor, simple shell code encryptor/decryptor/executor to bypass AVs) => https://github.com/plackyhacker/Shellcode-Encryptor
[offensive] VollRagm , (KernelSharp, C# Kernel Mode Driver example using NativeAOT) => https://github.com/VollRagm/KernelSharp
[defensive] Splunk , (Cmelting-cobalt, Cobalt Strike Scanner that retrieves detected Team Server beacons) => https://github.com/splunk/melting-cobalt
[defensive] Ali Davanian , (CnCHunter is a fork of RiotMan, and it allows exploiting malware for active probing) => https://github.com/adava/CnCHunter
[offensive] @mariuszbit , (Stracciatella, OpSec-safe Powershell runspace from within C# [aka SharpPick] with AMSI) => https://github.com/mgeeky/Stracciatella
[offensive] @mariuszbit , (UnhookMe, UnhookMe is an universal Windows API resolver) => https://github.com/mgeeky/UnhookMe
[offensive] @Kara4Search , (ThreadHijacking_CSharp, Process inject technique "Thread hijacking" via C#) => https://github.com/Kara-4search/ThreadHijacking_CSharp
[offensive] @Kara4Search , (HellgateLoader_CSharp, Load shellcode via HELLGATE, Rewrite hellgate with C#.Net) => https://github.com/Kara-4search/HellgateLoader_CSharp
[offensive] @Kara4Search , (FullDLLUnhooking_CSharp, Unhook DLL via cleaning the DLLs text section) => https://github.com/Kara-4search/FullDLLUnhooking_CSharp
[offensive] @0xpwnisher , (Various WMI experiments in a closed environment) => https://github.com/pwn1sher/WMEye
[offensive] @0xpwnisher , (UUID based Shellcode loader for your favorite C2) => https://github.com/pwn1sher/uuid-loader
[offensive] wavestone-cdt , (EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections) => https://github.com/wavestone-cdt/EDRSandblast
[offensive] @KleiberIngo , (Simple HTTP server for delivering & exfiltrating files/data) => https://github.com/IngoKl/HTTPUploadExfil
[offensive] @Kara4Search , (Load ntdll.dll via file mapping to bypass API inline hook via C#) => https://github.com/Kara-4search/NewNtdllBypassInlineHook_CSharp
[offensive] @Kara4Search , (MappingInjection via C#) => https://github.com/Kara-4search/MappingInjection_CSharp
[offensive] mai1zhi2 , (SysWhispers2_x86_Sysenter is responsible for generating 32-bit program) => https://github.com/mai1zhi2/SysWhispers2_x86
[offensive] @Jackson_T , (SysWhispers2 helps with evasion by generating header/ASM files) => https://github.com/jthuraisamy/SysWhispers2
[offensive] @Jackson_T , (SysWhispers helps with evasion by generating header/ASM files) => https://github.com/jthuraisamy/SysWhispers
[offensive] @PwnDexter , (SharpEDRChecker, New & improved C# Implementation of Invoke-EDRChecker) => https://github.com/PwnDexter/SharpEDRChecker
[offensive] @PwnDexter , (Invoke-EDRChecker) => https://github.com/PwnDexter/Invoke-EDRChecker
[offensive] @SolomonSklash , (A shellcode function to encrypt a running process image when sleeping) => https://github.com/SolomonSklash/SleepyCrypt
[offensive] @aaaddress1 , (Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR) => https://github.com/aaaddress1/Skrull
[offensive] @codewhitesec , (PIC lsass dumper using cloned handles) => https://github.com/codewhitesec/HandleKatz
[offensive] @snovvcrash , (shellcode injection techniques) => https://github.com/snovvcrash/DInjector
[offensive] @snovvcrash , (Process Hollowing Technique & Nim) => https://github.com/snovvcrash/NimHollow
[offensive] John Tear , (A collection of C# shellcode injection techniques) => https://github.com/plackyhacker/Shellcode-Injection-Techniques
[offensive] Moath Maharmeh , (SharpStrike is a post-exploitation tool written in C# that uses either CIM or WMI to query remote systems) => https://github.com/iomoath/SharpStrike
[offensive] Moath Maharmeh , (Unmanaged PowerShell execution using DLLs or a standalone executable) => https://github.com/iomoath/PowerShx
[offensive] @mariuszbit , (in-memory evasion technique & fluctuate between RW,NoAccess,RX memory protection) => https://github.com/mgeeky/ShellcodeFluctuation
[offensive] @mariuszbit , (Thread Stack Spoofing/Call Stack Spoofing PoC) => https://github.com/mgeeky/ThreadStackSpoofer
[offensive] @KlezVirus , (Template-Driven AV/EDR Evasion Framework) => https://github.com/klezVirus/inceptor
[offensive] GetRektBoy724 , (Syscall Stub Stealer, Freshly steal Syscall stub straight from the disk) => https://github.com/GetRektBoy724/TripleS
[offensive] pedro31851511 , (meterpeter, C2 Powershell Command & Control Framework with BuiltIn Commands) => https://github.com/r00t-3xp10it/meterpeter
[defensive] Airbus CERT , (Wireshark plugin to work with ETW) => https://github.com/airbus-cert/Winshark
[offensive] ahmedkhlief , (C2 server by Purple Team to do stealthy computer & AD enumeration) => https://github.com/ahmedkhlief/Ninja
[offensive] zcgonvh , (Exploit for EfsPotato MS-EFSR EfsRpcOpenFileRaw) => https://github.com/zcgonvh/EfsPotato
[offensive] @c__sto , (pure-go implementation of using direct syscalls to do Windowsy stuff) => https://github.com/C-Sto/BananaPhone
[offensive] @aaaddress1 , (POC for Process Herpaderping, ProcssGhosting & miniCreateProcessEx techniques) => https://github.com/aaaddress1/PR0CESS
[offensive] nettitude , (C# Reflective loader for unmanaged binaries) => https://github.com/nettitude/RunPE
[defensive] @_forrestorr , (Moneta, memory scanner) => https://github.com/forrest-orr/moneta
[defensive] @hasherezade , (Pe-Sieve, memory scanner) => https://github.com/hasherezade/pe-sieve
[offensive] odzhan , (Shellcodes for Windows/Linux/BSD running on x86, AMD64, Arch32, Arch64) => https://github.com/odzhan/shellcode
[offensive] mobdk , (Upsilon, execute shellcode with syscalls, no API like NtProtectVirtualMemory is used) => https://github.com/mobdk/Upsilon
[defensive] @arch_rabbit , (Fibratus is a tool for exploration and tracing of the Windows kernel) => https://github.com/rabbitstack/fibratus
[offensive] wireless90 , (1.ProcessHollowing, 2.Net APCQueue Injection Techniques) => https://github.com/wireless90/ProcessInjector.NET
[offensive] @topotam77 , (PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions ) => https://github.com/topotam/PetitPotam
[defensive] Rajiv Kulkarni , (FalconEye, Real-time detection software for Windows process injections) => https://github.com/rajiv2790/FalconEye
[offensive] SafeBreach Labs , (Pinjectra is a C/C++ library that implements Process Injection techniques) => https://github.com/SafeBreach-Labs/pinjectra
[offensive] RedCursorSecurityConsultin , (Tool to bypass LSA Protection [aka Protected Process Light]) => https://github.com/RedCursorSecurityConsulting/PPLKiller
[off---def] @brsn76945860 , (Enumerating and removing kernel callbacks using signed vulnerable drivers) => https://github.com/br-sn/CheekyBlinder
[offensive] Ralph May , (deploy a phishing engagement in the cloud) => https://github.com/ralphte/build_a_phish
[defensive] @standa_t , (tool to help malware analysts tell that the sample is injecting code to another process) => https://github.com/tandasat/RemoteWriteMonitor
[offensive] @safe_buffer , (LightMe is a Simple HTTP Server serving Powershell Scripts/Payloads after Obfuscate them) => https://github.com/WazeHell/LightMe
[defensive] Microsoft , (MSFT, CPU/Memory performance-analysis,very useful ETW Codes & tools for Blue Teams/Defenders) => https://github.com/microsoft/perfview
[offensive] @_S_aint_Iker , (Process Ghosting Tool [64 bits Only]) => https://github.com/IkerSaint/KingHamlet/
[offensive] cube0x0 , (SharpeningCobaltStrike, in realtime compiling of dotnet v35/v40 exe/dll binaries + obfuscation...)https://github.com/cube0x0/SharpeningCobaltStrike
[defensive] HoShiMin , (Avanguard, The Win32 Anti-Intrusion Library) => https://github.com/HoShiMin/Avanguard
[offensive] Nicholas Spagnola , (MalwareDev) => https://github.com/MakoSec/MalwareDev
[offensive] @aaaddress1 , (RunPE-In-Memory, Run 32bit/64bit copy of Exe File in memory like an Application Loader) => https://github.com/aaaddress1/RunPE-In-Memory
[offensive] Samuel Wong , (NET-Obfuscate, Obfuscate ECMA CIL [.NET IL] assemblies to evade Windows Defender AMSI.) => https://github.com/BinaryScary/NET-Obfuscate
[offensive] @matterpreter , (OffensiveCSharp, collection of C# tooling & POCs for use on operations) => https://github.com/matterpreter/OffensiveCSharp
[off---def] m0rv4i , (Syscalls-Extractor, extracting syscall numbers for an OS) => https://github.com/m0rv4i/Syscalls-Extractor
[offensive] @_batsec_ , (DarkLoadLibrary, LoadLibrary for offensive operations) => https://github.com/bats3c/DarkLoadLibrary
[offensive] @Yas_o_h , (Backstab is a tool capable of killing antimalware protected processes by leveraging sysinternals) => https://github.com/Yaxser/Backstab
[offensive] @passthehashbrwn , (avoiding direct syscall detections) => https://github.com/passthehashbrowns/hiding-your-syscalls
[offensive] @kevin_robertson , (cross-platform .NET IPv4/IPv6 machine-in-the-middle tool) => https://github.com/Kevin-Robertson/Inveigh
[defensive] Lares , (Pushes Sysmon Configs) => https://github.com/LaresLLC/SysmonConfigPusher
[offensive] Gabriel Landau , (Post/Article: Process Ghosting) => https://www.elastic.co/blog/process-ghosting-a-new-executable-image-tampering-attack
[offensive] @mariuszbit , (Cobalt Strike C2 Reverse proxy) => https://github.com/mgeeky/RedWarden
[offensive] Alex Davies , (Some C# Process Injection Techniques) => https://github.com/pwndizzle/c-sharp-memory-injection
[defensive] Improsec A/S , (Identify the attack paths in BloodHound breaking your AD tiering) => https://github.com/improsec/ImproHound
[offensive] @itm4n , (Dump the memory of a PPL with a userland exploit) => https://github.com/itm4n/PPLdump
[offensive] @R0h1rr1m , (Userland API Unhooker Project) => https://github.com/frkngksl/Celeborn
[offensive] @checkymander , (run python code on systems without Python installed) => https://github.com/checkymander/Zolom
[off--docs] @joevest , (redteam guide) => https://redteam.guide/docs/
[offensive] @positive_sec , (upload arbitrary data from devices without internet) => https://github.com/positive-security/send-my
[offensive] @infosecn1nja , (Red Teaming/Adversary Simulation Toolkit) => https://github.com/infosecn1nja/Red-Teaming-Toolkit
[defensive] @pathtofile , (Easy ETW Tracing for Security Research) => https://github.com/pathtofile/Sealighter
[offensive] https://github.com/optiv , (Dent) => https://github.com/optiv/Dent
[off--blog] @pentestlabltd , (blog) => https://pentestlaboratories.com/blog/
[offensive] @dafthack , (Cloud Pentest Cheatsheets) => https://github.com/dafthack/CloudPentestCheatsheets
[off---def] @ale_sp_brazil , (dotnet malware threat, internals & reversing) => http://www.blackstormsecurity.com/docs/ALEXANDREBORGES_DEFCON_2019.pdf
[defensive] @_lpvoid , (TiEtwAgent is ETW-based process injection detection) => https://github.com/xinbailu/TiEtwAgent
[defensive] ComodoSecurity , (OpenEDR is a free & open source platform EDR) => https://github.com/ComodoSecurity/openedr
[defensive] wazuh , (Wazuh is a free & open source platform EDR) => https://github.com/wazuh/wazuh
[off---def] @0gtweet , (Simple solutions allowing you to dig a bit deeper than usual) => https://github.com/gtworek/PSBits
[defensive] @cyb3rops , (Raccine, A Simple Ransomware Protection) => https://github.com/Neo23x0/Raccine
[offensive] @scrtsa , (avcleaner, C/C++ source obfuscator for antivirus bypass) => https://github.com/scrt/avcleaner
[offensive] @Arno0x0x , (DNSExfiltrator, Transfering/exfiltrate a file over a DNS request covert channel) => https://github.com/Arno0x/DNSExfiltrator
[offensive] Mauricio Velazco & Olindo Verrillo, (defcon-27, Writing custom backdoor payloads with C#) => https://github.com/mvelazc0/defcon27_csharp_workshop
[offensive] @Ne0nd0g , (Merlin is a cross-platform post-exploitation C2 server + agent written in Golang) => https://github.com/Ne0nd0g/merlin
[offensive] CyberArk , (Kubesploit is a cross-platform post-exploitation C2 server + agent with Golang) => https://github.com/cyberark/kubesploit
[offensive] G0ldenGunSec , (Post/Article: Transactional NTFS + API Hooking to Trick the CLR into Loading Your Code “From Disk”) https://blog.redxorblue.com/2021/05/assemblylie-using-transactional-ntfs.html
[offensive] @_lpvoid , (DripLoader, Evasive shellcode loader for bypassing event-based injection detection) => https://github.com/xinbailu/DripLoader
[defensive] 3lp4tr0n , (BeaconHunter , Behavior based monitoring and hunting tool built in C# tool leveraging ETW tracing) => https://github.com/3lp4tr0n/BeaconHunter
[offensive] antonioCoco , (RemotePotato0, Windows Privilege Escalation from User to Domain Admin) => https://github.com/antonioCoco/RemotePotato0
[defensive] OpenCTI , (open source platform allowing organizations to manage their cyber threat intelligence knowledge) => https://github.com/OpenCTI-Platform/opencti
[offensive] hackerschoice , (two users behind NAT/Firewall to establish a TCP connection with each other) => https://github.com/hackerschoice/gsocket
[offensive] @JulioUrena , (SharpNoPSExec, File less command execution for lateral movement) => https://github.com/juliourena/SharpNoPSExec
[off---def] Mr.Un1k0d3r , (EDRs Hooked APIs + some useful EDRs info for during red team exercise) => https://github.com/Mr-Un1k0d3r/EDRs
[offensive] Yarden Shafir , (Post/Article: Thread/Process State Change & EDR Hook Evasion Method) => https://windows-internals.com/thread-and-process-state-change/
[defensive] ion-storm , (Sysmon EDR Active Response Features) => https://github.com/ion-storm/sysmon-edr
[offensive] @tokyoneon_ , (Chimera, PowerShell obfuscation script designed to bypass AMSI and antivirus) => https://github.com/tokyoneon/Chimera
[offensive] nodauf , (Grish ,Golang Interactive Reverse SHell) => https://github.com/nodauf/Girsh
[offensive] @pedro31851511 , (reverse tcp shells in post-exploitation tasks) => https://github.com/r00t-3xp10it/redpill
[offensive] Ryan Reeves , (3 Process Hollowing PoC) => https://github.com/reevesrs24/EvasiveProcessHollowing
[off---def] Roberto Rodriguez @Cyb3rWard0g , (Education/Training: Threat Hunter Playbook) => https://threathunterplaybook.com/introduction.html
[offensive] hasherezade , (Education/Training: Malware Training) => https://github.com/hasherezade/malware_training_vol1
[offensive] 0xpat (Education/Training: Red/Purple Teamers [Malware development] ) => https://0xpat.github.io/
[offensive] @ShitSecure , (Nim Codes for CBT CallBackTechniques) => https://github.com/S3cur3Th1sSh1t/Nim_CBT_Shellcode
[offensive] @_EthicalChaos_ , (Mirrordump, dump lsass) => https://github.com/CCob/MirrorDump
[off---def] @_EthicalChaos_ , (MiniHook, hooking native API calls ) => https://github.com/CCob/MinHook.NET
[off---def] Black Lantern Security, (writehat , Pentest reporting tool written in Python) => https://github.com/blacklanternsecurity/writehat
[offensive] jthuraisamy, (Enumerate and disable common sources of telemetry used by AV/EDR.) => https://github.com/jthuraisamy/TelemetrySourcerer
[offensive] ChaitanyaHaritash , (Shellcode Execution via Callback Func) => https://github.com/ChaitanyaHaritash/Callback_Shellcode_Injection
[offensive] S4R1N , (Shellcode Execution via Callback Func) => https://github.com/S4R1N/AlternativeShellcodeExec
[offensive] Deep Instinct, (lsass Dumper) => https://github.com/deepinstinct/LsassSilentProcessExit
[offensive] asaurusrex, (Project to check which Nt/Zw functions your local EDR is hooking) => https://github.com/asaurusrex/Probatorum-EDR-Userland-Hook-Checker
[offensive] optive, ScareCrow (Bypass EDR hooks, Whitelisting) => https://github.com/optiv/ScareCrow
[offensive] antonioCoco or @splinter_code , (Mapping-Injection) => https://github.com/antonioCoco/Mapping-Injection
[offensive] @spotheplanet (C++, minidumpwritedump , [without mimikatz]) => https://github.com/mantvydasb/RedTeam-Tactics-and-Techniques/blob/master/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass.md
[offensive] @m0rv4i (C#, SafetyDump PID/lsass dumper [in-memory]) https://github.com/m0rv4i/SafetyDump
[offensive] https://twitter.com/marcosd4h Minjector/Memhunter (injector/ETW) => https://github.com/marcosd4h/memhunter
[offensive] sh4hin , GoPurple (injector) => https://github.com/sh4hin/GoPurple
[offensive] odzhan , Injection Methods => https://github.com/odzhan/injection
[offensive] monozgas , sRDI (injector) => https://github.com/monoxgas/sRDI
[offensive] @r3n_hat , (C# c2, GRAT2) => https://github.com/r3nhat/GRAT2
[offensive] @jxy__s , (Process herpaderping) => https://github.com/jxy-s/herpaderping
[defensive] @jtsmith282 , Blue teams monitor systems => https://github.com/ION28/BLUESPAWN
[offensive] @Ch0pin , (AVIator) => https://github.com/Ch0pin/AVIator
[off--blog] @netbiosX (Education/Training: blog) => https://pentestlab.blog/
[offensive] @TheRealWover , (donut) => https://github.com/TheWover/donut
[offensive] @gentilkiwi , (mimikatz) => https://github.com/gentilkiwi/mimikatz
[offensive] @_RastaMouse , (SharpC2) => https://github.com/SharpC2/SharpC2
[offensive] @b4rtik , (SharpMiniDump) => https://github.com/b4rtik/SharpMiniDump
[offensive] @FuzzySec , (Sharp-Suite) => https://github.com/FuzzySecurity/Sharp-Suite
[offensive] @FuzzySec , (Fermion) => https://github.com/FuzzySecurity/Fermion
[offensive] @cobbr_io , (C2, Covenant) => https://github.com/cobbr/Covenant
[offensive] @cobbr_io , (SharpSploit) => https://github.com/cobbr/SharpSploit
[offensive] @pedro31851511 => https://github.com/r00t-3xp10it/Meterpreter_Paranoid_Mode-SSL
[offensive] @gweeperx , (SSI ,injector) => https://github.com/DimopoulosElias/SimpleShellcodeInjector
[defensive] @hasherezade , (hollows_hunter , memory scanner) => https://github.com/hasherezade/hollows_hunter
[offensive] @byt3bl33d3r , (SILENTTRINITY) => https://github.com/byt3bl33d3r/SILENTTRINITY
[offensive] badBounty , (directInjectorPOC) => https://github.com/badBounty/directInjectorPOC
[off---def] mvelazc0 , (PurpleSharp) => https://github.com/mvelazc0/PurpleSharp
[offensive] @slaeryan , (Red-Teamer/Pentester Tools) => https://github.com/slaeryan/AQUARMOURY
[off---def] boh , (C# Tools) => https://github.com/boh/RedCsharp
[offensive] shogunlab , (Education/Training: ebook) => https://github.com/shogunlab/building-c2-implants-in-cpp
[off---def] redcanaryco , (Red-Teaming) => https://github.com/redcanaryco/atomic-red-team
[offensive] @_batsec_ , (shad0w) => https://github.com/bats3c/shad0w
[offensive] @_forrestorr , (DLL hollowing) => https://github.com/forrest-orr/phantom-dll-hollower-poc
[off--blog] @jack_halon , (blog) => https://jhalon.github.io
[offensive] @martinoj2009 , (ICMP Exfil tool) => https://github.com/martinoj2009/ICMPExfil
[offensive] @mubix , (hak5) => https://www.youtube.com/c/hak5/playlists
[off--blog] @bohops , (blog) => https://bohops.com
[offensive] https://twitter.com/buffaloverflow
[offensive] https://twitter.com/domchell
[off--blog] OsandaMalith , (blog) => https://osandamalith.com
[off--blog] @_xpn_ , (blog) => https://blog.xpnsec.com
[off--blog] @am0nsec , (blog) => https://ntamonsec.blogspot.com
[off--blog] @peewpw , (blog) => https://www.peew.pw
[offensive] https://twitter.com/5ub34x
[offensive] https://twitter.com/vvalien1
[off--blog] @424f424f , (blog) => https://medium.com/@rvrsh3llSome Videos About Pentesters & Red/Purple/Blue Teams (Offensive/Defensive teams + SOC/CTI...), these Videos made by Security Researchers/Pentesters/Red/Purple/Blue Teamers...
Note: i think you should watch these videos one by one, As Pentester/Red/Blue/Purple Teamer (Security Teams) these videos will help you a lot... (these video was useful to me a lot, but this list was for New Videos & i will add more videos (new/old videos) to this new list soon...
Note: these guys in these videos are "humble" which is important to me & their videos is very useful (technically).
"Humble" + "Useful" + "Pro" = "these guys ;D in this video list ..."
(videos: last update 01 Oct 2022)
! ([Programming] Hacking C#: Development for the Truly Lazy ,Simon Painter) => https://www.youtube.com/watch?v=0ial6pfgV9g
! ([Programming] Keynote: How do our ideas about coding affect the software we create? ,Christin Gorman) => https://www.youtube.com/watch?v=sSee-aDjtmw
! ([Programming] Locknote: Programming’s Greatest Mistakes ,Mark Rendle) => https://www.youtube.com/watch?v=YfKzJuXmZX8&t=1542s
! ([Programming] Measuring DevSecOps ,Victoria Almazova) => https://www.youtube.com/watch?v=UXQHREbSV-0
! ([Programming] What is DevSecOps? ,Andrea Crawford) => https://www.youtube.com/watch?v=J73MELGF6u0
! ([Programming] Where’s C# headed? ,Mads Torgersen) => https://www.youtube.com/watch?v=v8bqAm4aUFM
+ (Bypassing Microsoft Defender for Identity. Nikhil Mittal) => https://www.youtube.com/watch?v=bzLvOu1awKM
+ (Sideloading in Signed Office files, Pieter Ceelen & Dima van de Wouw) => https://www.youtube.com/watch?v=ll-ViQT9Oew
+ (Operation ShadowHammer: Costin Raiu and Vitaly Kamlyuk at TheSAS2019) => https://www.youtube.com/watch?v=T5wPwvLrBYU
+ (Nullcon: How To Bypass AM-PPL & Disable EDRs - A Red Teamer's Story-Stephen Kho & Juan Sacco) => https://www.youtube.com/watch?v=QtObgEfy5Jw
+ (Introduction to Threat Modeling | Siddhant Chouhan | Winja Unplugged) => https://www.youtube.com/watch?v=mpw-Lsqa5Ls
+ (Develop Your Own RAT: EDR + AV Defense by Dobin Rutishauser) => https://www.youtube.com/watch?v=w0bh7s7bVXI
+ (Building A Red Team – The Best Defense Is A Good Offense by Daniel Fabian) => https://www.youtube.com/watch?v=yfgfixMKFGI
+ (Command & Control Freak: Cloud Edition by Dagmawi Mulugeta) => https://www.youtube.com/watch?v=grCToZwUacc
(Jake Williams presents update on Cyber Threat Intelligence program) => https://youtu.be/MHfGIY2IyXE?t=414
(ATT&CK Updates: Data Sources and Detection, by Alexia Crumpton) => https://www.youtube.com/watch?v=eBeIRYeq7SM
(State of ATT&CK - ATT&CKcon 3.0 Day 1) => https://www.youtube.com/watch?v=1JLZkNe085g
(When Insiders ATT&CK! - ATT&CKcon 3.0 Day 2) => https://www.youtube.com/watch?v=qJ3DrNAbtxg
(Mapping to MITRE ATT&CK - ATT&CKcon 3.0 Day 1) => https://www.youtube.com/watch?v=uYJAoedpJkQ
(ATT&CKing the Red/Blue Divide - ATT&CKcon 3.0 Day 2) => https://www.youtube.com/watch?v=lxAQiq2XtEQ
(Insights Into Highly Valued Data Sources) => https://www.youtube.com/watch?v=ba2e9pWxboU
(racking Noisy Behavior and Risk-Based Alerting with ATT&CK, by Haylee Mills) => https://www.youtube.com/watch?v=qqNUmfOW3gU
(Prioritizing Detection Implementation with Intelligence and ATT&CK, by Lindsay Kaye & Scott Small) => https://www.youtube.com/watch?v=pwl7L_Lh9_c
(Knowledge for the Masses: Storytelling with ATT&CK!) => https://www.youtube.com/watch?v=eRHw-An9NuI
(What is ATT&CK Coverage Anyway? Breadth and Depth Analysis w/ Atomic Red Team) => https://www.youtube.com/watch?v=RRq8jqFY6ts
(Blue-Team-as-Code: Lessons From Real-world Red Team Detection Automation Using Logs, By Oleg Kolesnikov & Den Iuzvyk) => https://www.youtube.com/watch?v=fz6SYlfvc-Y
(BH, Process Injection Techniques - Gotta Catch Them All, By Itzik Kotler and Amit Klein) => https://www.youtube.com/watch?v=xewv122qxnk
(BH, Exploiting Windows COM/WinRT ServicesExploiting Windows COM/WinRT Services, By XueFeng Li & Zhiniang Peng) => https://www.youtube.com/watch?v=KeQ0PHrHDVs
(BH, The Dark Age of Memory Corruption Mitigations in the Spectre Era, By Andrea Mambretti & Alexandra Sandulescu) => https://www.youtube.com/watch?v=vI7ABcuclpg
(BH, Rope: Bypassing Behavioral Detection of Malware with Distributed ROP-Driven Execution, By Daniele Cono D'Elia & Lorenzo Invidia) => https://www.youtube.com/watch?v=PBDHhOtc0zM
(BH, Securing Open Source Software - End-to-end, At massive scale, Together, By Jennifer Fernick & Christopher Robinson) => https://www.youtube.com/watch?v=S2ZFF5LyL_Y
(BH, Anatomy of Native IIS Malware, By Zuzana Hromcova) => https://www.youtube.com/watch?v=OwCmuQHHOUA
(BH, CnCHunter: An MITM-Approach to Identify Live CnC Servers, By Ali Davanian, Ahmad Darki & Michalis Faloutsos) => https://www.youtube.com/watch?v=UNQ-ZnbYfeQ
(BH, Fixing a Memory Forensics Blind Spot: Linux Kernel Tracing, By Andrew Case & Golden Richard) => https://www.youtube.com/watch?v=6oe7qL7-WoI
(BH, Locknote: Conclusions and Key Takeaways from Black Hat Europe 2021) => https://www.youtube.com/watch?v=neEytnFh_TY
(BH, Threat Hunting in Active Directory Environment By Anurag Khanna & Thirumalai Natarajan Muthiah) => https://www.youtube.com/watch?v=lBIaLmvVpBE
(BH, How Did the Adversaries Abusing the Bitcoin Blockchain Evade Our Takeover?) => https://www.youtube.com/watch?v=y8Z9KnL8s8s
(BH, Reverse Engineering Compliance by Adam Shostack) => https://www.youtube.com/watch?v=j7nDXgLahhU
(BH, Domain Borrowing, Catch My C2 Traffic if You Can) => https://www.youtube.com/watch?v=eVr0kKdgM2I
(BH, Mem2Img, Memory-Resident Malware Detection via Convolution Neural Network) => https://www.youtube.com/watch?v=6SDdUVejR2w
(Malware Traffic and CyberChef Magic 2021-08-19, by Doug Burks) => https://www.youtube.com/watch?v=dF2zWBO-Dgc
(Quick Malware Analysis with Security Onion, pcap from 2021-08-05, by Doug Burks) => https://www.youtube.com/watch?v=KBjr1fdb3jY
(DEF CON 29 Adversary Village, Mauricio Velazco, PurpleSharp Automated Adversary Simulation) => https://www.youtube.com/watch?v=yi1epKf0lcM
(DEF CON 29 Adversary Village, Jose Garduno, C2Centipede APT level C2 communications for common rev) => https://www.youtube.com/watch?v=m6ygA5oPSQo
(BHIS, No SPAN Port? No Tap? No Problem!, John Strand) => https://www.youtube.com/watch?v=EqjmZqa_Dho
(BHIS, How to Build a Phishing Engagement, Coding TTP's, Ralph May) => https://www.youtube.com/watch?v=VglCgoIjztE
(2021 Threat Detection Report , Red Canary) => https://www.youtube.com/watch?v=wk5qVUZnJp0
(Advanced Memory Forensics [Windows], Threat_Hunting & Initial Malware_Analysis [P1]) => https://www.youtube.com/watch?v=WB29XIUZjRU
(Workshop Track, Atomic red team , Carrie & Darin) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/b11b2349625349bfbfd3981ab9aced32/watch?source=CHANNEL
(Jason Downey, Six Things No One !@#$ing Told Me About Pentesting) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/249e698776384175a51f78b58bc75f86/watch?source=CHANNEL
(Jake Williams, Seeing the Forest Through the Trees Foundations of Event Log Analysis) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/47b94dcf6ba246cfb8657dbde5bd2e1f/watch?source=CHANNEL
(Dave Kennedy, Designing an Offensive Strategy for Defense) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/91b6bdc4a42f438a9fee0a6dcc4781de/watch?source=CHANNEL
(Madhav Bhatt & Brad Richardson, Red Team Engagements How to Train Your Blue Team to Hunt Adversaries) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/f8e577b0951d42d2895ae7b815743a7a/watch?source=CHANNEL
(Mauricio Velazco, PurpleSharp) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/c05f7c791eae4cc884931b40db37bb79/watch?source=CHANNEL
(Ralph May, Automate your Redteam) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/d2946bef40254e86aa1d439fbe7b965f/watch?source=CHANNEL
(Brian Donohue, Atomic Red Team) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/63ba587692a04df1b44a37e69f7bdf51/watch?source=CHANNEL
(Jorge Orchilles, Operationalizing Purple Team) => https://www.gotostage.com/channel/63b1ccaab38b4252b3ac2a9b7912981b/recording/240b20fd5c304f96b992eee10313e2ec/watch?source=CHANNEL
(SPECIAL WEBCAST, New Wave of Ransomware Attacks: How did this happen?, John Strand) => https://www.youtube.com/watch?v=v1jmrk758cM
(Hak5 ...) => https://www.youtube.com/c/hak5/playlists
(WWHF, Abusing Microsoft Office for Post-Exploitation, Kyle Avery) => https://www.youtube.com/watch?v=tWQNM2vuQEM
(Hands-On Purple Team Workshop with Tim Schulz, June 2) => https://www.youtube.com/watch?v=oogvR1U7Cls
(Collaborate and Validate, Let's talk Purple Teaming with SCYTHE & PlexTrac) => https://www.youtube.com/watch?v=XtC6xoIiHJU
(Practical Exploitation with Mubix, formerly Metasploit Minute) => https://www.youtube.com/playlist?list=PLW5y1tjAOzI3n4KRN_ic8N8Qv_ss_dh_F
(SCYTHE: #ThreatThursday, Conti Ransomware) => https://www.youtube.com/watch?v=R4rKnjs2VvA
(RTV: Threat Hunting With Elastic Security by Aravind Putrevu & Haran Kumar) => https://www.youtube.com/watch?v=E0Iix1jxVvo
(The SOC Puzzle: Where Does Threat Hunting Fit?, 2020 Threat Hunting & Incident Response Summit) => https://www.youtube.com/watch?v=Ut1t_n6NPQE
(Purple Team Maturity Model, Jorge Orchilles & Tim Schulz) => https://www.youtube.com/watch?v=iE0CgG0MAH4
(BHIS, Getting Started in Pentesting The Cloud: Azure, Beau Bullock) => https://www.youtube.com/watch?v=u_3cV0pzptY
(Topic 03 VQL Fundamentals Pt 2) => https://www.youtube.com/watch?v=tsmb_CuLVlE
(Live Launch: 2021 Threat Detection Report) => https://www.youtube.com/watch?v=wk5qVUZnJp0
(UniCon21) => https://www.youtube.com/watch?v=4WUauzWKa9M
(the Purple Team exercise is done: Now What? with Daniel DeCloss Founder & CEO PlexTrac) => https://www.youtube.com/watch?v=HNG3HNEcHs8
(1-10-60 Detection Metrics with Dmitri Alperovitch & Bryson Bort) => https://www.youtube.com/watch?v=arzi5LCI_Uk
(Detection Mechanisms for Common RedTeam TTPs) => https://www.youtube.com/watch?v=DSTsF0w3jMw
(Threat Hunting with Sysmon - Binary Defense) => https://www.youtube.com/watch?v=pnnnCgTyZo8
(Hands-On Purple Team Workshop with Tim Schulz.March 31) => https://www.youtube.com/watch?v=v7j1ZJy-BFw
(Purple Team Exercise Framework PTEF Workshop) => https://www.youtube.com/watch?v=kGCH-DjGM8M
(PurpleTeamSummit Hands-On Purple Team Workshop) => https://www.youtube.com/watch?v=rwOh9MC0M7E
(Hands-On Purple Team Workshop with Tim Schulz) => https://www.youtube.com/watch?v=kTEBhfzLoXM
(BHIS-Your Free and Open Source EDR Options!, John Strand) => https://www.youtube.com/watch?v=yrFnlbwFG_E
(BHIS-EMERGENCY WEBCAST: OK, let's talk about ransomware, John Strand) => https://www.youtube.com/watch?v=wKAQB4Yp-k4
(BHIS-OPSEC Fundamentals for Remote Red Teams, Michael Allen) => https://www.youtube.com/watch?v=AHwfV3NFlno
(Atomic Purple Team Framework and Life Cycle, Kent Ickler & Jordan Drysdale) => https://www.youtube.com/watch?v=_KqtVWrw_Gc
(IPv6: How to Securely Start Deploying, Joff Thyer) => https://www.youtube.com/watch?v=ft35bUVxiLQ
(A Blue Team's Perspective on Red Team Hack Tools) => https://www.youtube.com/watch?v=0mIN2OU5hQE
(Active Defense & Cyber Deception - Part 1) => https://www.youtube.com/watch?v=uxktoNrIk4Q
(Active Defense & Cyber Deception - Part 2) => https://www.youtube.com/watch?v=qGwqYjJZclU
(Active Defense & Cyber Deception - Part 3) => https://www.youtube.com/watch?v=vmfB2u6rXtk
(Enterprise Recon For Purple Teams) => https://www.youtube.com/watch?v=5c4KHB8dZMw
(In-Depth SILENTTRINITY Demo, Explanation & Walkthrough!) => https://www.youtube.com/watch?v=0_b3A1SOyVw
(How to attack when LLMNR, mDNS, and WPAD attacks fail - Eavesarp) => https://www.youtube.com/watch?v=cKDdy0JFXpA
(Endpoint Security Got You Down? No PowerShell? No Problem.) => https://www.youtube.com/watch?v=IGMj9paeEWM
(Two Covert Command & Control (C2) Channels) => https://www.youtube.com/watch?v=USYXKK1MDU0
(Attack Tactics 5: Zero to Hero Attack) => https://www.youtube.com/watch?v=kiMD0JFFheI
(RITA, Finding Bad Things on Your Network Using Free & Open Source Tools) => https://www.youtube.com/watch?v=mpCBOQSjbOA
(WWHF Deadwood 2020-Everything You've Been Told About Threat Hunting is a Lie, Lesley Carhart) => https://www.youtube.com/watch?v=5mdsV2FTDR8
(WWHF Deadwood 2020-Don C. Weber, Detecting Encrypted Radio Communications Using Universal) => https://www.youtube.com/watch?v=fgJaNIAlk0E
(WWHF Deadwood 2020-Jorge Orchilles, Emulating Adversaries Via Attack Chains) => https://www.youtube.com/watch?v=BDzw9cGEJos
(WWHF Deadwood 2020-Dan DeCloss, Purple Teaming With Runbooks for Plextrac) => https://www.youtube.com/watch?v=8kuutYNz0I8
(WWHF Deadwood 2020-A Quickstart Guide to Insider Threats, Adam Mashinchi) => https://www.youtube.com/watch?v=GKK0ZS07neY
(WWHF Deadwood 2020-Stephen Spence, Converting Blue Team into Advanced Host-Based Alerting) => https://www.youtube.com/watch?v=Jlf-CMFYNtw
(WWHF Deadwood 2020-Resilient Detection Engineering, Olaf Hartong) => https://www.youtube.com/watch?v=zMPouyUNX5c
(WWHF Deadwood 2020-Tao and the Art of Tshark Fields, Chris Brenton) => https://www.youtube.com/watch?v=lQCTPTGWYv0
(WWHF Deadwood 2020-Exploits, Research, Tools, and the Impact to Security, Dave Kennedy) => https://www.youtube.com/watch?v=iVNxfvU5xm8
(WWHF Deadwood 2020-Upping Your Defenses & Detections For the Low Price of FREE, Kent & Jordan) => https://www.youtube.com/watch?v=S0VaNt3i9JU
(Functional Testing: A New Era of Pentesting, The December Roundup-Cloud Pentesting, Jon Helmus) => https://www.youtube.com/watch?v=wYMNd5oks5s
(Unicorn Evangelism: The Case for Purple Teaming, Kent Icker & Jordan Drysdale) => https://www.youtube.com/watch?v=VxUgr0MrBJA
(Move Aside Script Kiddies–Malware Execution in the Age of Advanced Defenses, Joff Thyer) => https://www.youtube.com/watch?v=wTmQ5FaRmf4