Qazeer / FarsightADLinks
PowerShell script that aim to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an Active Directory domain compromise
☆94Updated last year
Alternatives and similar repositories for FarsightAD
Users that are interested in FarsightAD are comparing it to the libraries listed below
Sorting:
- PowerHunt is a modular threat hunting framework written in PowerShell that leverages PowerShell Remoting for data collection on scale.☆70Updated 5 months ago
- Default Detections for EDR☆96Updated last year
- ☆100Updated 2 years ago
- GolenGMSA tool for working with GMSA passwords☆150Updated last year
- ☆83Updated 2 years ago
- Identify the attack paths in BloodHound breaking your AD tiering☆320Updated 2 years ago
- Active C&C Detector☆154Updated last year
- ☆178Updated 5 months ago
- Simple PowerShell script to enable process scanning with Yara.☆93Updated 2 years ago
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on☆82Updated last year
- Tool to extract powerful tokens from Office desktop apps memory☆71Updated last year
- InfoSec Notes☆56Updated last year
- Material for the "Hands-On BloodHound" Workshop☆108Updated 4 years ago
- ☆89Updated last month
- Pushes Sysmon Configs☆88Updated 3 years ago
- Simple PoC from Malicious Payload Injection from Windows Event Log Entry☆27Updated 2 years ago
- ☆247Updated last year
- Abuse Azure API permissions for red teaming☆67Updated 2 years ago
- ☆13Updated 2 years ago
- Yara Rules for Modern Malware☆77Updated last year
- Collection of tools to use with Azure Applications☆108Updated last year
- Azure AD cheatsheet for the CARTP course☆116Updated 3 years ago
- Automating EDR Testing with reference to MITRE ATTACK via Cobalt Strike [Purple Team].☆151Updated 2 years ago
- Small utility to chunk up a large BloodHound JSON file into smaller files for importing.☆93Updated 2 years ago
- Placeholder for my detection repo and misc detection engineering content☆43Updated last year
- Investigation about ACL abusing for Active Directory Certificate Services (AD CS)☆122Updated 3 years ago
- Expose a lot of MDE telemetry that is not easily accessible in any searchable form☆106Updated 5 months ago
- Grab NetNTLMv2 hashes using ETW with administrative rights on Windows 8.1 / Windows Server 2016 and later☆91Updated 2 years ago
- Scripts to enumerate and report on Entra Conditional Access☆32Updated 3 weeks ago
- Create a cool process tree like https://twitter.com/ACEResponder.☆35Updated 2 years ago