Windows event logging: Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.
Stars: ✭ 128 (-22.89%)
Green Hat Suite: Green-hat-suite is a tool to generate meterpreter/shell which could evade antivirus.
Stars: ✭ 112 (-32.53%)
Sysmon Modular: A repository of sysmon configuration modules
Stars: ✭ 1,229 (+640.36%)
Defendercheck: Identifies the bytes that Microsoft Defender flags on.
Stars: ✭ 942 (+467.47%)
Ripv6: Random IPv6 - circumvents restrictive IP address-based filter and blocking rules
Stars: ✭ 10 (-93.98%)
Sysmontools: Utilities for Sysmon
Stars: ✭ 903 (+443.98%)
Bashfuscator: A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
Stars: ✭ 690 (+315.66%)
Sentinel Attack: Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Stars: ✭ 676 (+307.23%)
Sysmon Dfir: Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
Stars: ✭ 654 (+293.98%)
Hacktheworld: A Python script for generating payloads that bypass all antivirus so far.
Stars: ✭ 527 (+217.47%)
Cloak: Cloak can backdoor any python script with some tricks.
Stars: ✭ 411 (+147.59%)
Telemetrysourcerer: Enumerate and disable common sources of telemetry used by AV/EDR.
Stars: ✭ 400 (+140.96%)
Xeexe Topantivirusevasion: Undetectable & Xor encrypting with custom KEY (FUD Metasploit Rat) bypass top antivirus like BitDefender, Malwarebytes, Avast, ESET-NOD32, AVG, ... & automatically add ICON and MANIFEST to executable
Stars: ✭ 387 (+133.13%)
Sigma: Generic Signature Format for SIEM Systems
Stars: ✭ 4,418 (+2561.45%)
Awesome Windows Red Team: A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams
Stars: ✭ 308 (+85.54%)
Sysmonsearch: Investigate suspicious activity by visualizing Sysmon's event log
Stars: ✭ 302 (+81.93%)
Invizzzible: InviZzzible is a tool for assessment of your virtual environments in an easy and reliable way. It contains the most recent and up-to-date detection and evasion techniques as well as fixes for them.
Stars: ✭ 268 (+61.45%)
Sysmon Config: Sysmon configuration file template with default high-quality event tracing
Stars: ✭ 3,287 (+1880.12%)
ir scripts: incident response scripts
Stars: ✭ 17 (-89.76%)
freebind: IPv4 and IPv6 address rate limiting evasion tool
Stars: ✭ 88 (-46.99%)
MsfMania: Python AV Evasion Tools
Stars: ✭ 388 (+133.73%)
Fragscapy: Fragscapy is a command-line tool to fuzz network protocols by automating the modification of outgoing network packets. It can run multiple successive tests to determine which options can be used to evade firewalls and IDS.
Stars: ✭ 52 (-68.67%)
system-monitor: Qt-based replacement for gnome system monitor
Stars: ✭ 16 (-90.36%)
URL-obfuscator: Python program to obfuscate URLs to make phishing attacks more difficult to detect. Uses an active open redirect list and other URL obfuscation techniques.
Stars: ✭ 101 (-39.16%)
ScareCrow-CobaltStrike: Cobalt Strike script for ScareCrow payloads integration (EDR/AV evasion)
Stars: ✭ 387 (+133.13%)
SQLi-Query-Tampering: SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
Stars: ✭ 123 (-25.9%)
Evader: Packer (actually a crypter) for antivirus evasion implemented for Windows PE files (BSc thesis)
Stars: ✭ 86 (-48.19%)
JustEvadeBro: JustEvadeBro, a cheat sheet which will aid you through AMSI/AV evasion & bypasses.
Stars: ✭ 63 (-62.05%)
DNSWhotransmit cs beacon (shellcode) over self-made dns to avoid anti-kill and AV
Stars: ✭ 47 (-71.69%)
SysmonResources: Consolidation of various resources related to Microsoft Sysmon & sample data/log
Stars: ✭ 64 (-61.45%)
SWELF: Simple Windows Event Log Forwarder (SWELF). It's an easy-to-use, simply-works log forwarder and EVTX parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
Stars: ✭ 23 (-86.14%)
Zircolite: A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
Stars: ✭ 443 (+166.87%)
TA-Sysmon-deploy: Deploy and maintain Sysmon through the Splunk Deployment Server
Stars: ✭ 31 (-81.33%)
unprotect: Unprotect is a Python tool for parsing PE malware and extracting evasion techniques.
Stars: ✭ 75 (-54.82%)
angr-antievasion: Final project for the M.Sc. in Engineering in Computer Science at Università degli Studi di Roma "La Sapienza" (A.Y. 2016/2017).
Stars: ✭ 35 (-78.92%)
NativePayload ARP: C# code for transferring backdoor payloads by ARP traffic and bypassing anti-viruses (slow)
Stars: ✭ 44 (-73.49%)
Veil: Veil 3.1.X (check version info in Veil at runtime)
Stars: ✭ 2,949 (+1676.51%)
Nativepayload dns: C# code for transferring backdoor payloads by DNS traffic and bypassing anti-viruses
Stars: ✭ 228 (+37.35%)
Zombieant: Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.
Stars: ✭ 169 (+1.81%)
Detectionlab: Automate the creation of a lab environment complete with security tooling and logging best practices
Stars: ✭ 3,237 (+1850%)
Threathunter Playbook: A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Stars: ✭ 2,879 (+1634.34%)
Malwless: Test Blue Team detections without running any attack.
Stars: ✭ 215 (+29.52%)
Windowsspyblocker: WindowsSpyBlocker 🛡️ is an application written in Go and delivered as a single executable to block spying and tracking on Windows systems.
Stars: ✭ 2,913 (+1654.82%)
Whids: Open Source EDR for Windows
Stars: ✭ 188 (+13.25%)
Attack monitor: Endpoint detection & malware analysis software
Stars: ✭ 186 (+12.05%)
Adversarial Robustness Toolbox: Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
Stars: ✭ 2,638 (+1489.16%)