Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on
☆83 Apr 27, 2024 Updated last year
Alternatives and similar repositories for CTI
Users that are interested in CTI are comparing it to the libraries listed below
- This python script performs a number of sqlite queries (mainly password metadata) against sqlite databases (Created by ROADtools) to prov… ☆22 Jul 3, 2024 Updated last year
- ☆169 Sep 30, 2025 Updated 5 months ago
- FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de… ☆817 Feb 17, 2025 Updated last year
- Slides and Codes used for the workshop Red Team Infrastructure Automation ☆193 Apr 14, 2024 Updated last year
- ☆61 Jun 24, 2023 Updated 2 years ago
- Active C&C Detector ☆156 Oct 5, 2023 Updated 2 years ago
- What's the Red Team doing to my Linux Box? - BSides Vienna 2024 ☆17 Nov 23, 2024 Updated last year
- PurpleLab is an efficient and readily deployable lab solution, providing a swift setup for cybersecurity professionals to test detection… ☆725 Feb 14, 2026 Updated 2 weeks ago
- Convert Nmap output for integration with other Project Discovery tools ☆15 Apr 2, 2023 Updated 2 years ago
- ☆138 Apr 20, 2023 Updated 2 years ago
- ☆33 Dec 10, 2024 Updated last year
- Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege ☆225 Nov 23, 2023 Updated 2 years ago
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C… ☆258 Nov 24, 2023 Updated 2 years ago
- AAD related enumeration in Nim ☆132 Sep 7, 2023 Updated 2 years ago
- CarbonBlack EDR detection rules and response actions ☆73 Sep 10, 2024 Updated last year
- Providing Azure pipelines to create an infrastructure and run Atomic tests. ☆53 Jul 25, 2023 Updated 2 years ago
- Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study by Xena Olsen. ☆667 Jun 14, 2023 Updated 2 years ago
- Expose a lot of MDE telemetry that is not easily accessible in any searchable form ☆118 Aug 19, 2025 Updated 6 months ago
- Scripts and a short guide for using them to tier an Active Directory. Made for BSides Copenhagen 2024 ☆39 Oct 20, 2025 Updated 4 months ago
- Repository documenting how Threat Intelligence and / or a Threat Intelligence Platform can prove its value to an organisation. ☆53 Oct 23, 2024 Updated last year
- M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response ca… ☆323 Oct 12, 2025 Updated 4 months ago
- KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt… ☆1,638 Feb 22, 2026 Updated last week
- AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE… ☆1,205 Dec 29, 2025 Updated 2 months ago
- ☆17 Jan 9, 2025 Updated last year
- Hundred Days of Yara Challenge ☆12 Jun 21, 2022 Updated 3 years ago
- F-Secure Lightweight Acquisition for Incident Response (FLAIR) ☆16 Jul 5, 2021 Updated 4 years ago
- Create a cool process tree like https://twitter.com/ACEResponder. ☆35 Mar 1, 2023 Updated 3 years ago
- Small Python tool to do DLL Sideloading (and consequently, other DLL attacks). ☆57 Oct 10, 2022 Updated 3 years ago
- Small utility package for manipulating Windows process tokens ☆26 Apr 26, 2022 Updated 3 years ago
- A proof-of-concept C2 channel through DuckDuckGo's image proxy service ☆77 Nov 12, 2023 Updated 2 years ago
- PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monit… ☆843 Updated this week
- Click Once + App Domain ☆64 Updated this week
- Purpleteam scripts simulation & Detection - trigger events for SOC detections ☆192 Dec 20, 2024 Updated last year
- Enumerate information from NTLM authentication enabled web endpoints 🔎 ☆34 Aug 16, 2023 Updated 2 years ago
- SQL, IIS, Oh My... ☆22 Feb 24, 2025 Updated last year
- Blog/Journal on how to backdoor VSCode extensions ☆76 Updated this week
- Registry to JSON. This Project is for learning purposes and is not maintained. ☆12 Dec 28, 2021 Updated 4 years ago
- Subdomains scanner Spider ☆13 Feb 29, 2024 Updated 2 years ago
- Enables an LLM to remotely & securely control a jumphost using synchronous or asynchronous GET requests. ☆13 Mar 14, 2025 Updated 11 months ago