S3N4T0R-0X0 / APTs-Adversary-Simulation
This repository contains detailed adversary simulation APT campaigns targeting various critical sectors. Each simulation includes custom tools, C2 servers, backdoors, exploitation techniques, stagers, bootloaders, and other malicious artifacts that mirror those used in real-world attacks.
☆ 1,036 · Jan 11, 2026 · Updated last month
Alternatives and similar repositories for APTs-Adversary-Simulation
Users interested in APTs-Adversary-Simulation are comparing it to the repositories listed below.
- Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks by Russian APT groups. Bear features a variety of… (☆ 508 · Aug 14, 2025 · Updated 6 months ago)
- A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Inte… (☆ 1,301 · Nov 12, 2025 · Updated 3 months ago)
- Abusing Azure services over C2 (☆ 368 · Jan 20, 2026 · Updated 3 weeks ago)
- This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at t… (☆ 433 · May 22, 2025 · Updated 8 months ago)
- C2 infrastructure over Microsoft Teams. (☆ 737 · Jan 15, 2025 · Updated last year)
- M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response ca… (☆ 322 · Oct 12, 2025 · Updated 4 months ago)
- A resource containing all the tools each ransomware gang uses (☆ 1,327 · Dec 24, 2025 · Updated last month)
- (no description) (☆ 650 · Feb 6, 2026 · Updated last week)
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution (☆ 194 · Nov 27, 2024 · Updated last year)
- Simulate the behavior of AV/EDR for malware development training. (☆ 562 · Feb 15, 2024 · Updated 2 years ago)
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird … (☆ 772 · Jan 26, 2026 · Updated 2 weeks ago)
- A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage Power… (☆ 813 · Mar 28, 2025 · Updated 10 months ago)
- VeilTransfer is a data exfiltration utility designed to test and enhance detection capabilities. This tool simulates real-world data … (☆ 152 · Dec 26, 2025 · Updated last month)
- Mapping of open-source detection rules and atomic tests. (☆ 195 · Updated this week)
- A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the … (☆ 1,813 · Nov 3, 2024 · Updated last year)
- AV/EDR lab environment setup references to help in malware development (☆ 424 · Feb 19, 2025 · Updated 11 months ago)
- Extract and execute a PE embedded within a PNG file using an LNK file. (☆ 466 · Nov 2, 2024 · Updated last year)
- Reaping treasures from strings in remote processes' memory (☆ 285 · Feb 8, 2025 · Updated last year)
- A PoC for the Early Cascade process injection technique. (☆ 208 · Jan 30, 2025 · Updated last year)
- Lab used for workshop and CTF (☆ 491 · Feb 3, 2026 · Updated last week)
- Dump lsass using only NTAPI functions, creating 3 JSON and 1 ZIP file... and generate the MiniDump file later! (☆ 534 · May 9, 2025 · Updated 9 months ago)
- RunAs Utility Credential Stealer implementing 3 techniques: Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging (☆ 203 · Mar 6, 2025 · Updated 11 months ago)
- This map lists the essential techniques to bypass anti-virus and EDR (☆ 3,143 · Mar 28, 2025 · Updated 10 months ago)
- Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advance… (☆ 568 · May 22, 2025 · Updated 8 months ago)
- Rust for Malware Development is a repository for advanced Red Team techniques and offensive malware & ransomware, focused on Rust 🦀 (☆ 3,289 · Feb 1, 2026 · Updated 2 weeks ago)
- Complete list of LPE exploits for Windows (starting from 2023) (☆ 908 · Updated this week)
- ZigStrike, a powerful Payload Delivery Pipeline developed in Zig, offering a variety of injection techniques and anti-sandbox features. (☆ 501 · Jan 23, 2026 · Updated 3 weeks ago)
- A sophisticated, covert Windows-based credential dumper using C++ and MASM x64. (☆ 442 · Jul 8, 2024 · Updated last year)
- Open Source C&C Specification (☆ 277 · Feb 28, 2025 · Updated 11 months ago)
- A Python POC for CRED1 over SOCKS5 (☆ 164 · Oct 5, 2024 · Updated last year)
- Evasive shellcode loader (☆ 398 · Oct 17, 2024 · Updated last year)
- EDR Lab for Experimentation Purposes (☆ 1,409 · Jan 20, 2026 · Updated 3 weeks ago)
- AdaptixC2 is a highly modular advanced red team toolkit (☆ 2,697 · Feb 8, 2026 · Updated last week)
- Windows rootkit designed to work with BYOVD exploits (☆ 214 · Jan 18, 2025 · Updated last year)
- Dump cookies and credentials directly from Chrome/Edge process memory (☆ 1,401 · Jan 19, 2026 · Updated 3 weeks ago)
- HookChain: A new perspective for bypassing EDR solutions (☆ 589 · Jan 5, 2025 · Updated last year)
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve… (☆ 591 · Jun 12, 2024 · Updated last year)
- This project aims to compare and evaluate the telemetry of various EDR products. (☆ 1,924 · Jan 20, 2026 · Updated 3 weeks ago)
- Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework (☆ 635 · May 8, 2025 · Updated 9 months ago)