338 Open source projects that are alternatives of or similar to Lolbas

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Purple Team Exercise Framework

Test Blue Team detections without running any attack.

Provides various Windows Server Active Directory (AD) security-focused reports.

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

Monitoring GitHub for sensitive data shared publicly

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.

Snoop — инструмент разведки на основе открытых данных (OSINT world)

Search for Unix binaries that can be exploited to bypass system security restrictions.

Monitoring your Slack workspaces for sensitive information

A collection of electronic hacker magazines carefully curated over the years from multiple sources

Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.

Utility for hunting UAC bypasses or COM/DLL hijacks that alerts on the exported function that was consumed.

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

E-mails, subdomains and names Harvester - OSINT

WADComs is an interactive cheat sheet, containing a curated list of Unix/Windows offensive tools and their respective commands.

Investigate malicious Windows logon by visualizing and analyzing Windows event log

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

Blue Team detection lab created with Terraform and Ansible in Azure.

OSINT Bookmarks for Firefox / Chrome / Edge / Safari

You didn't think I'd go and leave the blue team out, right?

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

一款适用于红蓝对抗中的仿真钓鱼系统

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))

This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.

This repository contains full code examples from the book Gray Hat C#

A collection of scripts I've written to help red and blue teams with malware persistence techniques.

Monitoring GitLab for sensitive data shared publicly

Scan your code for security misconfiguration, search for passwords and secrets. 🔍

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

🍓📡🍍Monitor illegal wireless network activities. (Fake Access Points), (WiFi Threats: KARMA Attacks, WiFi Pineapple, Similar SSID, OPN Network Density etc.)

A PowerShell module to deploy active directory decoy objects.

The goal of this repository is to document the most common techniques to bypass AppLocker.

Automation for internal Windows Penetrationtest / AD-Security

Automatically spawn a reverse shell fully interactive for Linux or Windows victim

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

红队作战中比较常遇到的一些重点系统漏洞整理。

cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources

A list to discover work of red team tooling and methodology for penetration testing and security assessment

ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilities via .NET's DLR.

Event Trace Log file parser in pure Python

Smart OSINT collection of common IOC types

A port of Kaitai to the Hiew hex editor

Extensible Red Team Framework

Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.

Automagically extract forensic timeline from volatile memory dump

The Collective. A repo for a collection of red-team projects found mostly on Github.

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

backdorOS is an in-memory OS written in Python 2.7 with a built-in in-memory filesystem, hooks for open() calls and imports, Python REPL etc.

Webshell Manager

VirusTotal Wanna Be - Now with 100% more Hipster

PS / Bash / Python / Other scripts For FUN!

Your Everyday Threat Intelligence

Windows Events Attack Samples