H4NM / WhoYouCalling
Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.
☆335Updated this week
Alternatives and similar repositories for WhoYouCalling:
Users that are interested in WhoYouCalling are comparing it to the libraries listed below
- Nuke It From Orbit - remove AV/EDR with physical access☆254Updated 2 months ago
- PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.☆314Updated 4 months ago
- A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.☆362Updated 3 weeks ago
- ScriptSentry finds misconfigured and dangerous logon scripts.☆471Updated 2 months ago
- A tool collection for filtering and visualizing logon events. Designed to help answering the "Cotton Eye Joe" question (Where did you com…☆167Updated this week
- PowerShell tools to help defenders hunt smarter, hunt harder.☆226Updated last month
- Python tool to check rootkits in Windows kernel☆192Updated 2 weeks ago
- Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive an…☆871Updated last week
- A GUI and CLI tool for removing bloat from executables☆379Updated last month
- God Mode Detection Rules☆134Updated 6 months ago
- ☆194Updated last week
- PowerShell Digital Forensics & Incident Response Scripts.☆566Updated last month
- An ADCS honeypot to catch attackers in your internal network.☆280Updated 7 months ago
- Analyze pcaps with Zeek and a Grafana Dashboard☆165Updated 8 months ago
- Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up.☆191Updated last month
- MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection.☆255Updated 6 months ago
- PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains…☆750Updated this week
- A repository of credential stealer formats☆193Updated last month
- Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI☆653Updated 2 weeks ago
- PowerShell scripts for alternative SharpHound enumeration, including users, groups, computers, and certificates, using the ActiveDirector…☆310Updated 2 months ago
- C2 infrastructure that allows Red Teamers to execute system commands on compromised hosts through Microsoft Teams.☆364Updated last month
- A security assessment tool for analyzing Active Directory Group Policy Objects (GPOs) to identify misconfigurations and vulnerabilities☆193Updated last month
- VirtualGHOST Detection Tool☆89Updated 9 months ago
- Wireshark RDP resources☆210Updated last week
- ☆530Updated 10 months ago
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C…☆249Updated last year
- ☆103Updated last year
- TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and …☆250Updated 3 weeks ago
- Handbook of windows forensic artifacts across multiple Windows version with interpretation tips and some examples. Work in progress!☆320Updated 6 months ago