1025 Open source projects that are alternatives of or similar to MicrosoftWontFixList

A PowerShell module to deploy active directory decoy objects.

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Search for Unix binaries that can be exploited to bypass system security restrictions.

mXtract - Memory Extractor & Analyzer

A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface

一款适用于红蓝对抗中的仿真钓鱼系统

Scan your code for security misconfiguration, search for passwords and secrets. 🔍

Reproducible and extensible BloodHound playbooks

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

A toolkit of AD specific health checks that you can run in your environment to ensure your Active Directory is running optimally.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.

A set of recipes useful in pentesting and red teaming scenarios

👻Stowaway -- Multi-hop Proxy Tool for pentesters

🍓📡🍍Monitor illegal wireless network activities. (Fake Access Points), (WiFi Threats: KARMA Attacks, WiFi Pineapple, Similar SSID, OPN Network Density etc.)

WADComs is an interactive cheat sheet, containing a curated list of Unix/Windows offensive tools and their respective commands.

A collection of awesome security hardening guides, tools and other resources

🚀 Fast Port Scanner 🚀

Monitoring GitLab for sensitive data shared publicly

Monitoring your Slack workspaces for sensitive information

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.

Utility for hunting UAC bypasses or COM/DLL hijacks that alerts on the exported function that was consumed.

This cheat sheet contains common enumeration and attack methods for Windows Active Directory with the use of powershell.

Purple Team Exercise Framework

👻Impost3r -- A linux password thief

Blue Team detection lab created with Terraform and Ansible in Azure.

fireELF - Fileless Linux Malware Framework

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Webshell Manager

OSINT Bookmarks for Firefox / Chrome / Edge / Safari

This repository contains full code examples from the book Gray Hat C#

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

E-mails, subdomains and names Harvester - OSINT

Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace

Snoop — инструмент разведки на основе открытых данных (OSINT world)

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

Find cloud assets that no one wants exposed 🔎 ☁️

A collection of scripts I've written to help red and blue teams with malware persistence techniques.

Data leak checker & OSINT Tool

Test Blue Team detections without running any attack.

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

The goal of this repository is to document the most common techniques to bypass AppLocker.

A collection of electronic hacker magazines carefully curated over the years from multiple sources

Monitoring GitHub for sensitive data shared publicly

Active Directory ACL Visualizer and Explorer - who's really Domain Admin?

This repository contains a collection of PowerShell tools that can be utilized to protect and defend an environment based on the recommendations of multiple cyber security researchers at Microsoft. These tools were created with a small to medium size enterprise environment in mind as smaller organizations do not always have the type of funding a…

Conversion tool used to convert microsoft access database to sqlite.

Shell script to detect when you're in a Microsoft Teams Call. Supports Linux and macOS.

Archive of various Microsoft Download Links.

Reverse engineering suite for Halo 5: Forge

HTML5 based remote desktop gateway using Apache Guacamole and Traefik Reverse Proxy including AD authentication and 2-FA

Hands on labs and content for students and educators to learn and teach the Internet of Things at schools, universities, coding clubs, community colleges and bootcamps