249 Open source projects that are alternatives of or similar to Deploy Deception

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

A collection of scripts I've written to help red and blue teams with malware persistence techniques.

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

🍓📡🍍Monitor illegal wireless network activities. (Fake Access Points), (WiFi Threats: KARMA Attacks, WiFi Pineapple, Similar SSID, OPN Network Density etc.)

Monitoring GitHub for sensitive data shared publicly

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Monitoring GitLab for sensitive data shared publicly

A collection of electronic hacker magazines carefully curated over the years from multiple sources

Utility for hunting UAC bypasses or COM/DLL hijacks that alerts on the exported function that was consumed.

E-mails, subdomains and names Harvester - OSINT

Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

Snoop — инструмент разведки на основе открытых данных (OSINT world)

Test Blue Team detections without running any attack.

Purple Team Exercise Framework

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

一款适用于红蓝对抗中的仿真钓鱼系统

Reproducible and extensible BloodHound playbooks

Blue Team detection lab created with Terraform and Ansible in Azure.

OSINT Bookmarks for Firefox / Chrome / Edge / Safari

The goal of this repository is to document the most common techniques to bypass AppLocker.

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

This repository contains full code examples from the book Gray Hat C#

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

WADComs is an interactive cheat sheet, containing a curated list of Unix/Windows offensive tools and their respective commands.

Active Directory ACL Visualizer and Explorer - who's really Domain Admin?

Scan your code for security misconfiguration, search for passwords and secrets. 🔍

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Search for Unix binaries that can be exploited to bypass system security restrictions.

Monitoring your Slack workspaces for sensitive information

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.

红队作战中比较常遇到的一些重点系统漏洞整理。

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

backdorOS is an in-memory OS written in Python 2.7 with a built-in in-memory filesystem, hooks for open() calls and imports, Python REPL etc.

Webshell Manager

ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilities via .NET's DLR.

做redteam时使用，修改自Ridter的https://github.com/Ridter/Intranet_Penetration_Tips

Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File

Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.

Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.

The Collective. A repo for a collection of red-team projects found mostly on Github.

Lightweight tools for working with Active Directory users and groups. Also some domain discovery functions.

This is the list of all rootkits found so far on github and other sites.

A set of recipes useful in pentesting and red teaming scenarios

Utilities for MITRE™ ATT&CK

A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface

Venom - A Multi-hop Proxy for Penetration Testers

A self-service password management tool for Active Directory

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

Script collection to bypass Network Access Control (NAC, 802.1x)

记录自己编写、修改的部分工具

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.

Collection of quality safety articles. Awesome articles.

DeepSea Phishing Gear

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.