Repo containing various intel-based resources such as threat research, adversary emulation/simulation plans and so on
☆83 · Apr 27, 2024 · Updated last year
Alternatives and similar repositories for CTI
Users that are interested in CTI are comparing it to the libraries listed below
- CarbonBlack EDR detection rules and response actions · ☆73 · Sep 10, 2024 · Updated last year
- FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de… · ☆818 · Mar 6, 2026 · Updated 2 weeks ago
- (no description) · ☆169 · Sep 30, 2025 · Updated 5 months ago
- (no description) · ☆138 · Apr 20, 2023 · Updated 2 years ago
- Slides and code used for the workshop Red Team Infrastructure Automation · ☆193 · Apr 14, 2024 · Updated last year
- Active C&C Detector · ☆156 · Oct 5, 2023 · Updated 2 years ago
- Click Once + App Domain · ☆67 · Feb 23, 2026 · Updated 3 weeks ago
- This Python script performs a number of SQLite queries (mainly password metadata) against SQLite databases (created by ROADtools) to prov… · ☆22 · Jul 3, 2024 · Updated last year
- Create a cool process tree like https://twitter.com/ACEResponder. · ☆35 · Mar 1, 2023 · Updated 3 years ago
- Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study by Xena Olsen. · ☆667 · Jun 14, 2023 · Updated 2 years ago
- Registry to JSON. This project is for learning purposes and is not maintained. · ☆12 · Dec 28, 2021 · Updated 4 years ago
- PurpleLab is an efficient and readily deployable lab solution, providing a swift setup for cybersecurity professionals to test detection… · ☆730 · Feb 14, 2026 · Updated last month
- Manage attack surface data on Elasticsearch · ☆25 · Nov 20, 2023 · Updated 2 years ago
- Repository documenting how Threat Intelligence and/or a Threat Intelligence Platform can prove its value to an organisation. · ☆53 · Oct 23, 2024 · Updated last year
- AAD related enumeration in Nim · ☆131 · Sep 7, 2023 · Updated 2 years ago
- AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE… · ☆1,206 · Dec 29, 2025 · Updated 2 months ago
- Enumerate information from NTLM authentication enabled web endpoints 🔎 · ☆34 · Aug 16, 2023 · Updated 2 years ago
- (no description) · ☆60 · Jun 24, 2023 · Updated 2 years ago
- M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response ca… · ☆322 · Oct 12, 2025 · Updated 5 months ago
- Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege · ☆225 · Nov 23, 2023 · Updated 2 years ago
- F-Secure Lightweight Acquisition for Incident Response (FLAIR) · ☆16 · Jul 5, 2021 · Updated 4 years ago
- (no description) · ☆17 · Jan 9, 2025 · Updated last year
- A repository of curated lists with elements such as IoCs to use for threat hunting & detection queries. · ☆34 · Jul 23, 2024 · Updated last year
- KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt… · ☆1,661 · Mar 9, 2026 · Updated last week
- A proof-of-concept C2 channel through DuckDuckGo's image proxy service · ☆77 · Nov 12, 2023 · Updated 2 years ago
- SQL, IIS, Oh My... · ☆22 · Feb 24, 2025 · Updated last year
- Small Python tool to do DLL Sideloading (and consequently, other DLL attacks). · ☆57 · Oct 10, 2022 · Updated 3 years ago
- What's the Red Team doing to my Linux Box? - BSides Vienna 2024 · ☆17 · Nov 23, 2024 · Updated last year
- Scripts and a short guide for using them to tier an Active Directory. Made for BSides Copenhagen 2024 · ☆39 · Oct 20, 2025 · Updated 5 months ago
- An Azure Exploitation Toolkit for Red Teams & Pentesters · ☆165 · May 6, 2023 · Updated 2 years ago
- Can you pay the ransom in your country? · ☆14 · Dec 18, 2023 · Updated 2 years ago
- An open-source self-hosted purple team management web application. · ☆303 · Feb 15, 2026 · Updated last month
- (no description) · ☆33 · Dec 10, 2024 · Updated last year
- PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monit… · ☆843 · Feb 23, 2026 · Updated 3 weeks ago
- Local & remote Windows DLL Proxying · ☆169 · Jun 17, 2024 · Updated last year
- Enables an LLM to remotely & securely control a jumphost using synchronous or asynchronous GET requests. · ☆13 · Mar 14, 2025 · Updated last year
- This repository contains open-source, freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple… · ☆787 · Updated this week
- A tool that employs direct registry manipulation to create scheduled tasks without triggering the usual event logs. · ☆617 · Jan 2, 2025 · Updated last year
- Raw data from Threat Intelligence Reports with automatic report collection and keyword search across thousands of reports · ☆160 · Updated this week