This repository contains detailed adversary simulations of APT campaigns targeting various critical sectors. Each simulation includes custom tools, C2 servers, backdoors, exploitation techniques, stagers, bootloaders, and other malicious artifacts that mirror those used in real-world attacks.
☆1,059 · Mar 10, 2026 · Updated 2 weeks ago
Alternatives and similar repositories for APTs-Adversary-Simulation
Users interested in APTs-Adversary-Simulation are comparing it to the repositories listed below.
- Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks by Russian APT groups. Bear features a variety of… ☆511 · Aug 14, 2025 · Updated 7 months ago
- A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Inte… ☆1,334 · Nov 12, 2025 · Updated 4 months ago
- This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at t… ☆440 · May 22, 2025 · Updated 10 months ago
- Abusing Azure services over C2 ☆367 · Jan 20, 2026 · Updated 2 months ago
- C2 infrastructure over Microsoft Teams. ☆747 · Jan 15, 2025 · Updated last year
- A resource containing all the tools each ransomware gang uses ☆1,332 · Mar 18, 2026 · Updated last week
- M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response ca… ☆322 · Oct 12, 2025 · Updated 5 months ago
- VeilTransfer is a data exfiltration utility designed to test and enhance detection capabilities. This tool simulates real-world data … ☆154 · Dec 26, 2025 · Updated 3 months ago
- Simulate the behavior of AV/EDR for malware development training. ☆565 · Feb 15, 2024 · Updated 2 years ago
- RunAs utility credential stealer implementing three techniques: hooking CreateProcessWithLogonW, smart keylogging, and remote debugging ☆207 · Mar 6, 2025 · Updated last year
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution ☆195 · Nov 27, 2024 · Updated last year
- Mapping of open-source detection rules and atomic tests. ☆204 · Feb 16, 2026 · Updated last month
- Reaping treasures from strings in remote processes' memory ☆285 · Feb 8, 2025 · Updated last year
- Extract and execute a PE embedded within a PNG file using an LNK file. ☆465 · Nov 2, 2024 · Updated last year
- Lab used for workshops and CTFs ☆509 · Feb 3, 2026 · Updated last month
- A tool that uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the … ☆1,831 · Nov 3, 2024 · Updated last year
- Rust for Malware Development is a repository of advanced red team techniques and offensive malware and ransomware, focused on Rust 🦀 ☆3,349 · Mar 4, 2026 · Updated 3 weeks ago
- AV/EDR lab environment setup references to help in malware development ☆462 · Feb 19, 2025 · Updated last year
- A tool that bypasses AMSI (Antimalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage Power… ☆816 · Mar 28, 2025 · Updated last year
- Indirect dynamic syscalls, SSN + syscall address sorting via a modified TartarusGate approach, and remote process injection via APC Early Bird … ☆787 · Jan 26, 2026 · Updated 2 months ago
- Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advance… ☆572 · May 22, 2025 · Updated 10 months ago
- A PoC for the Early Cascade process injection technique. ☆215 · Jan 30, 2025 · Updated last year
- Dump LSASS using only NTAPI functions, creating 3 JSON files and 1 ZIP file, and generate the MiniDump file later. ☆543 · May 9, 2025 · Updated 10 months ago
- This map lists the essential techniques to bypass anti-virus and EDR ☆3,179 · Mar 28, 2025 · Updated last year
- A Python PoC for CRED1 over SOCKS5 ☆165 · Oct 5, 2024 · Updated last year
- Evasive shellcode loader ☆400 · Oct 17, 2024 · Updated last year
- DCOM lateral movement PoC abusing the IMsiServer interface; uploads and executes a payload remotely ☆384 · Dec 13, 2024 · Updated last year
- Complete list of LPE exploits for Windows (starting from 2023) ☆917 · Mar 13, 2026 · Updated 2 weeks ago
- Windows rootkit designed to work with BYOVD exploits ☆218 · Jan 18, 2025 · Updated last year
- ZigStrike, a powerful payload delivery pipeline developed in Zig, offering a variety of injection techniques and anti-sandbox features. ☆508 · Mar 7, 2026 · Updated 3 weeks ago
- A sophisticated, covert Windows-based credential dumper using C++ and MASM x64. ☆443 · Jul 8, 2024 · Updated last year
- EDR lab for experimentation purposes ☆1,427 · Mar 1, 2026 · Updated 3 weeks ago
- AdaptixC2 is a highly modular advanced red team toolkit ☆2,866 · Mar 22, 2026 · Updated last week
- A tool matrix for Russian APTs based on the Ransomware Tool Matrix ☆232 · Aug 20, 2025 · Updated 7 months ago
- StoneKeeper C2, an experimental EDR evasion framework for research purposes ☆209 · Dec 25, 2024 · Updated last year
- Dump LSASS using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump) ☆702 · May 7, 2025 · Updated 10 months ago
- PowerShell tools to help defenders hunt smarter, hunt harder. ☆478 · Oct 29, 2025 · Updated 5 months ago
- A memory-based evasion technique that makes shellcode invisible from process start to end. ☆1,198 · Oct 16, 2023 · Updated 2 years ago