PaulSec/awesome-windows-domain-hardening external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

PaulSec/awesome-windows-domain-hardening

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/PaulSec/awesome-windows-domain-hardening)

Close

PaulSec / awesome-windows-domain-hardeningView on GitHubMore

• External links
• Readme badge

A curated list of awesome Security Hardening techniques for Windows.

☆1,788Jan 7, 2020Updated 6 years ago

Alternatives and similar repositories for awesome-windows-domain-hardening

Users that are interested in awesome-windows-domain-hardening are comparing it to the libraries listed below

• nccgroup / redsnarf

  View on GitHub
  RedSnarf is a pen-testing / red-teaming tool for Windows environments
  ☆1,213Sep 14, 2020Updated 5 years ago
• hardentools / hardentools

  View on GitHub
  Hardentools simply reduces the attack surface on Microsoft Windows computers by disabling low-hanging fruit risky features.
  ☆3,081Aug 10, 2025Updated 6 months ago
• nsacyber / Windows-Secure-Host-Baseline

  View on GitHub
  Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
  ☆1,596Dec 24, 2022Updated 3 years ago
• bluscreenofjeff / Red-Team-Infrastructure-Wiki

  View on GitHub
  Wiki to collect Red Team infrastructure hardening resources
  ☆4,454Oct 1, 2025Updated 5 months ago
• Cn33liz / p0wnedShell

  View on GitHub
  PowerShell Runspace Post Exploitation Toolkit
  ☆1,548Aug 2, 2019Updated 6 years ago
• hausec / ADAPE-Script

  View on GitHub
  Active Directory Assessment and Privilege Escalation Script
  ☆1,131Dec 7, 2022Updated 3 years ago
• infosecn1nja / AD-Attack-Defense

  View on GitHub
  Attack and defend active directory using modern post exploitation adversary tradecraft activity
  ☆4,797Jul 29, 2025Updated 7 months ago
• palantir / windows-event-forwarding

  View on GitHub
  A repository for using windows event forwarding for incident detection and response
  ☆1,299Sep 8, 2025Updated 6 months ago
• ANSSI-FR / AD-control-paths

  View on GitHub
  Active Directory Control Paths auditing and graphing tools
  ☆679Dec 17, 2020Updated 5 years ago
• OTRF / ThreatHunter-Playbook

  View on GitHub
  A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…
  ☆4,492Jan 12, 2026Updated last month
• JPCERTCC / LogonTracer

  View on GitHub
  Investigate malicious Windows logon by visualizing and analyzing Windows event log
  ☆3,137Oct 19, 2025Updated 4 months ago
• utsecnet / PAW

  View on GitHub
  ☆319Feb 9, 2020Updated 6 years ago
• GoFetchAD / GoFetch

  View on GitHub
  GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.
  ☆634Jun 20, 2017Updated 8 years ago
• clong / DetectionLab

  View on GitHub
  Automate the creation of a lab environment complete with security tooling and logging best practices
  ☆4,909Jul 6, 2024Updated last year
• HarmJ0y / CheatSheets

  View on GitHub
  Cheat sheets for various projects.
  ☆1,086Oct 16, 2017Updated 8 years ago
• vysecurity / RedTips

  View on GitHub
  Red Team Tips as posted by @vysecurity on Twitter
  ☆1,069Apr 26, 2020Updated 5 years ago
• beahunt3r / Windows-Hunting

  View on GitHub
  ☆349Mar 19, 2021Updated 4 years ago
• DanMcInerney / icebreaker

  View on GitHub
  Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment
  ☆1,195Oct 24, 2018Updated 7 years ago
• FuzzySecurity / PowerShell-Suite

  View on GitHub
  My musings with PowerShell
  ☆2,704Nov 19, 2021Updated 4 years ago
• Kevin-Robertson / Inveigh

  View on GitHub
  .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
  ☆2,916Nov 19, 2025Updated 3 months ago
• sense-of-security / ADRecon

  View on GitHub
  ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the…
  ☆1,888Jun 15, 2020Updated 5 years ago
• Invoke-IR / PowerForensics

  View on GitHub
  PowerForensics provides an all in one platform for live disk forensic analysis
  ☆1,427Nov 16, 2023Updated 2 years ago
• eladshamir / Internal-Monologue

  View on GitHub
  Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS
  ☆1,645Oct 11, 2018Updated 7 years ago
• sensepost / ruler

  View on GitHub
  A tool to abuse Exchange services
  ☆2,302Jun 10, 2024Updated last year
• outflanknl / Invoke-ADLabDeployer

  View on GitHub
  Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
  ☆491Feb 16, 2019Updated 7 years ago
• curi0usJack / luckystrike

  View on GitHub
  A PowerShell based utility for the creation of malicious Office macro documents.
  ☆1,109Nov 3, 2017Updated 8 years ago
• api0cradle / UltimateAppLockerByPassList

  View on GitHub
  The goal of this repository is to document the most common techniques to bypass AppLocker.
  ☆2,049Sep 11, 2023Updated 2 years ago
• magoo / redteam-plan

  View on GitHub
  Issues to consider when planning a red team exercise.
  ☆615Aug 23, 2017Updated 8 years ago
• SpecterOps / BloodHound-Legacy

  View on GitHub
  Six Degrees of Domain Admin
  ☆10,547Mar 2, 2026Updated last week
• Arvanaghi / SessionGopher

  View on GitHub
  SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, Supe…
  ☆1,311Nov 22, 2022Updated 3 years ago
• nshalabi / SysmonTools

  View on GitHub
  Utilities for Sysmon
  ☆1,575Sep 21, 2025Updated 5 months ago
• SwiftOnSecurity / sysmon-config

  View on GitHub
  Sysmon configuration file template with default high-quality event tracing
  ☆5,419Jul 3, 2024Updated last year
• api0cradle / LOLBAS

  View on GitHub
  Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
  ☆1,615Dec 10, 2018Updated 7 years ago
• dafthack / MailSniper

  View on GitHub
  MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, i…
  ☆3,213Aug 7, 2025Updated 7 months ago
• redhuntlabs / RedHunt-OS

  View on GitHub
  Virtual Machine for Adversary Emulation and Threat Hunting
  ☆1,313Jan 22, 2025Updated last year
• giMini / PowerMemory

  View on GitHub
  Exploit the credentials present in files and memory
  ☆842May 25, 2023Updated 2 years ago
• MHaggis / sysmon-dfir

  View on GitHub
  Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
  ☆937Dec 12, 2023Updated 2 years ago
• NextronSystems / APTSimulator

  View on GitHub
  A toolset to make a system look as if it was the victim of an APT attack
  ☆2,714Sep 23, 2025Updated 5 months ago
• A-mIn3 / WINspect

  View on GitHub
  Powershell-based Windows Security Auditing Toolbox
  ☆573Jan 9, 2019Updated 7 years ago