WithSecureLabs / lolcerts
A repository of code signing certificates known to have been leaked or stolen, then abused by threat actors
☆329Updated 7 months ago
Related projects ⓘ
Alternatives and complementary repositories for lolcerts
- The CIA's Marble Framework is designed to allow for flexible and easy-to-use obfuscation when developing tools.☆289Updated 10 months ago
- Nuke It From Orbit - remove AV/EDR with physical access☆201Updated 3 weeks ago
- An ADCS honeypot to catch attackers in your internal network.☆226Updated 4 months ago
- MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection.☆221Updated 3 months ago
- Because AV evasion should be easy.☆314Updated 4 months ago
- The TTPForge is a Cybersecurity Framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs).☆342Updated this week
- ☆173Updated 4 months ago
- FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de…☆741Updated 2 months ago
- Retired TrustedSec Capabilities☆227Updated last month
- A tool collection for filtering and visualizing logon events. Designed to help answering the "Cotton Eye Joe" question (Where did you com…☆162Updated last week
- ☆181Updated 10 months ago
- A CIA tradecraft technique to asynchronously detect when a process is created using WMI.☆131Updated 10 months ago
- SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Dire…☆655Updated 9 months ago
- Tools for interacting with authentication packages using their individual message protocols☆298Updated 3 weeks ago
- Tools for analyzing EDR agents☆209Updated 5 months ago
- Canary Detection☆162Updated 7 months ago
- Little user-mode AV/EDR evasion lab for training & learning purposes☆1,010Updated 6 months ago
- LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that are were used to by adversaries in their intrusions. T…☆105Updated this week
- ☆493Updated 7 months ago
- Venom is a library that meant to perform evasive communication using stolen browser socket☆373Updated last year
- a tool to help operate in EDRs' blind spots☆654Updated 7 months ago
- Analyse your malware to surgically obfuscate it☆419Updated last year
- Okta Verify and Okta FastPass Abuse Tool☆289Updated 2 months ago
- ☆222Updated 6 months ago
- A collection of tools, scripts and personal research☆113Updated 4 months ago
- Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up.☆180Updated 2 months ago
- A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files☆123Updated 5 months ago
- God Mode Detection Rules☆131Updated 3 months ago
- Hide shellcode by shuffling bytes into a random array and reconstruct at runtime☆178Updated 4 months ago
- Slides & Code snippets for a workshop held @ x33fcon 2024☆240Updated 5 months ago