WithSecureLabs / lolcerts
A repository of code signing certificates known to have been leaked or stolen, then abused by threat actors
☆342Updated 11 months ago
Alternatives and similar repositories for lolcerts:
Users that are interested in lolcerts are comparing it to the libraries listed below
- Nuke It From Orbit - remove AV/EDR with physical access☆254Updated 3 months ago
- The CIA's Marble Framework is designed to allow for flexible and easy-to-use obfuscation when developing tools.☆291Updated last year
- FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de…☆785Updated 3 weeks ago
- A tool collection for filtering and visualizing logon events. Designed to help answering the "Cotton Eye Joe" question (Where did you com…☆167Updated 2 weeks ago
- Venom is a library that meant to perform evasive communication using stolen browser socket☆375Updated last year
- AV/EDR Evasion Lab for Training & Learning Purposes☆1,204Updated 3 weeks ago
- An ADCS honeypot to catch attackers in your internal network.☆283Updated 8 months ago
- ☆186Updated last year
- LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that are were used to by adversaries in their intrusions. T…☆120Updated last month
- Lifetime AMSI bypass☆617Updated last year
- The TTPForge is a Cybersecurity Framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs).☆364Updated last week
- Tools for analyzing EDR agents☆221Updated 9 months ago
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C…☆249Updated last year
- Canary Detection☆164Updated 11 months ago
- Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" ma…☆455Updated 3 months ago
- User Enumeration of Microsoft Teams users via API☆147Updated 11 months ago
- ☆296Updated 4 months ago
- A delicious, but malicious SSL-VPN server 🌮☆211Updated 3 months ago
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆640Updated 4 months ago
- Python tool to check rootkits in Windows kernel☆194Updated last week
- a tool to help operate in EDRs' blind spots☆721Updated 3 months ago
- God Mode Detection Rules☆134Updated 7 months ago
- Because AV evasion should be easy.☆668Updated 3 months ago
- Analyse your malware to surgically obfuscate it☆454Updated 2 weeks ago
- ☆127Updated last year
- SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Dire…☆721Updated last year
- Realm is a cross platform Red Team engagement platform with a focus on automation and reliability.☆462Updated this week
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆308Updated last year
- Tools for interacting with authentication packages using their individual message protocols☆309Updated last week
- MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection.☆264Updated 7 months ago