This repository contains detailed adversary simulation APT campaigns targeting various critical sectors. Each simulation includes custom tools, C2 servers, backdoors, exploitation techniques, stagers, bootloaders, and other malicious artifacts that mirror those used in real-world attacks.
☆1,086 · Jun 7, 2026 · Updated last week
Alternatives and similar repositories for APTs-Adversary-Simulation
Users that are interested in APTs-Adversary-Simulation are comparing it to the libraries listed below.
- Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks by Russian APT groups, Bear features a variety of… ☆521 · Jun 9, 2026 · Updated last week
- A self-hosted sandbox for red teams to test payloads against modern detection before deployment. MCP integration lets an LLM agent drive … ☆1,461 · May 5, 2026 · Updated last month
- This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at t… ☆452 · Jun 10, 2026 · Updated last week
- Abusing Azure services over C2 ☆373 · Jan 20, 2026 · Updated 4 months ago
- C2 infrastructure over Microsoft Teams. ☆751 · Jan 15, 2025 · Updated last year
- A resource containing all the tools each ransomware gang uses ☆1,390 · May 26, 2026 · Updated 3 weeks ago
- M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response ca… ☆327 · Oct 12, 2025 · Updated 8 months ago
- ☆713 · May 22, 2026 · Updated 3 weeks ago
- VeilTransfer is a data exfiltration utility designed to test and enhance the detection capabilities. This tool simulates real-world data … ☆155 · Dec 26, 2025 · Updated 5 months ago
- Simulate the behavior of AV/EDR for malware development training. ☆567 · Feb 15, 2024 · Updated 2 years ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution ☆195 · Nov 27, 2024 · Updated last year
- RunAs Utility Credential Stealer implementing 3 techniques: Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging ☆208 · Mar 6, 2025 · Updated last year
- Mapping of open-source detection rules and atomic tests. ☆211 · Feb 16, 2026 · Updated 4 months ago
- Reaping treasures from strings in remote processes memory ☆288 · Feb 8, 2025 · Updated last year
- Extract and execute a PE embedded within a PNG file using an LNK file. ☆479 · Nov 2, 2024 · Updated last year
- A tool that uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the … ☆1,879 · Nov 3, 2024 · Updated last year
- Lab used for workshop and CTF ☆521 · Feb 3, 2026 · Updated 4 months ago
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird … ☆802 · Jan 26, 2026 · Updated 4 months ago
- AV/EDR Lab environment setup references to help in Malware development ☆468 · Feb 19, 2025 · Updated last year
- A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage Power… ☆818 · Mar 28, 2025 · Updated last year
- Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advance… ☆577 · May 22, 2025 · Updated last year
- A PoC for Early Cascade process injection technique. ☆217 · Jan 30, 2025 · Updated last year
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later! ☆556 · May 9, 2025 · Updated last year
- A Python POC for CRED1 over SOCKS5 ☆171 · Oct 5, 2024 · Updated last year
- This map lists the essential techniques to bypass anti-virus and EDR ☆3,281 · Mar 28, 2025 · Updated last year
- Evasive shellcode loader ☆398 · Oct 17, 2024 · Updated last year
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely ☆383 · Dec 13, 2024 · Updated last year
- Windows rootkit designed to work with BYOVD exploits ☆222 · Jan 18, 2025 · Updated last year
- Complete list of LPE exploits for Windows (starting from 2023) ☆949 · May 16, 2026 · Updated last month
- A sophisticated, covert Windows-based credential dumper using C++ and MASM x64. ☆441 · Jul 8, 2024 · Updated last year
- ZigStrike, a powerful Payload Delivery Pipeline developed in Zig, offering a variety of injection techniques and anti-sandbox features. ☆519 · Mar 7, 2026 · Updated 3 months ago
- EDR Lab for Experimentation Purposes ☆1,453 · Jun 10, 2026 · Updated last week
- Dump cookies and credentials directly from Chrome/Edge process memory ☆1,466 · Apr 9, 2026 · Updated 2 months ago
- A tool matrix for Russian APTs based on the Ransomware Tool Matrix ☆235 · Aug 20, 2025 · Updated 9 months ago
- SharpSuccessor is a .NET Proof of Concept (POC) for fully weaponizing Yuval Gordon’s (@YuG0rd) BadSuccessor attack from Akamai. ☆407 · Sep 26, 2025 · Updated 8 months ago
- Because AV evasion should be easy. ☆878 · Nov 28, 2024 · Updated last year
- Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!) ☆739 · May 7, 2025 · Updated last year
- PowerShell tools to help defenders hunt smarter, hunt harder. ☆484 · Oct 29, 2025 · Updated 7 months ago
- StoneKeeper C2, an experimental EDR evasion framework for research purposes ☆208 · Dec 25, 2024 · Updated last year