β349Mar 19, 2021Updated 4 years ago
Alternatives and similar repositories for Windows-Hunting
Users that are interested in Windows-Hunting are comparing it to the libraries listed below
Sorting:
- Powershell-based Windows Security Auditing Toolboxβ573Jan 9, 2019Updated 7 years ago
- π΅ Ethereum and BNB (BSC) Mev bot - Arbitrageβ356Feb 11, 2026Updated 3 weeks ago
- Remote Recon and Collectionβ459Nov 23, 2017Updated 8 years ago
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.β937Dec 12, 2023Updated 2 years ago
- Collection of PowerShell scriptsβ450Dec 18, 2017Updated 8 years ago
- A PowerShell script to interact with the MITRE ATT&CK Framework via its own APIβ370Feb 7, 2019Updated 7 years ago
- Monitors for DCSYNC and DCSHADOW attacks and create custom Windows Events for these events.β141Mar 7, 2018Updated 7 years ago
- Enumerate usernames on a domain where you have no creds by using SMB Relay with low priv.β399May 20, 2020Updated 5 years ago
- Test Blue Team detections without running any attack.β271May 2, 2024Updated last year
- Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)β1,613Dec 10, 2018Updated 7 years ago
- PowerShell script to find 'vulnerable' security-related GPOs that should be hardendedβ198Jun 1, 2018Updated 7 years ago
- All materials from our Black Hat 2018 "Subverting Sysmon" talkβ135Aug 10, 2018Updated 7 years ago
- Automated, Collection, and Enrichment Platformβ324Nov 14, 2019Updated 6 years ago
- A toolset to make a system look as if it was the victim of an APT attackβ2,715Sep 23, 2025Updated 5 months ago
- PowerShell oneliner to retrieve wdigest passwords from the memoryβ220Dec 11, 2017Updated 8 years ago
- β229May 10, 2018Updated 7 years ago
- FCL (Fileless Command Lines) - Known command lines of fileless malicious executionsβ477Apr 8, 2021Updated 4 years ago
- Utilities for MITREβ’ ATT&CKβ1,050Jan 3, 2026Updated 2 months ago
- Lists of sources and utilities utilized to hunt, detect and prevent evildoers.β168Dec 10, 2018Updated 7 years ago
- A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more eβ¦β4,486Jan 12, 2026Updated last month
- Utilities for Sysmonβ1,573Sep 21, 2025Updated 5 months ago
- An information security preparedness tool to do adversarial simulation.β1,139Apr 1, 2019Updated 6 years ago
- A repository for using windows event forwarding for incident detection and responseβ1,299Sep 8, 2025Updated 5 months ago
- Virtual Machine for Adversary Emulation and Threat Huntingβ1,313Jan 22, 2025Updated last year
- A PowerShell script that aims to have a fully configured domain built in under 10 minutes, but also apply security configuration and hardβ¦β201Mar 27, 2021Updated 4 years ago
- Windows Events Attack Samplesβ2,515Jan 24, 2023Updated 3 years ago
- Investigate malicious Windows logon by visualizing and analyzing Windows event logβ3,136Oct 19, 2025Updated 4 months ago
- This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported β¦β842Jun 25, 2024Updated last year
- CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across alβ¦β658Aug 19, 2019Updated 6 years ago
- β1,092May 1, 2019Updated 6 years ago
- CACTUSTORCH: Payload Generation for Adversary Simulationsβ1,014Jul 3, 2018Updated 7 years ago
- Searches For Threat Hunting and Security Analyticsβ238Mar 26, 2025Updated 11 months ago
- RedSnarf is a pen-testing / red-teaming tool for Windows environmentsβ1,213Sep 14, 2020Updated 5 years ago
- Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.β492Feb 16, 2019Updated 7 years ago
- An informational repo about hunting for adversaries in your IT environment.β1,854Nov 17, 2021Updated 4 years ago
- This project is just a dumping ground for random scripts I've developed.β139Aug 14, 2024Updated last year
- A tool to elevate privilege with Windows Tokensβ1,053Oct 6, 2023Updated 2 years ago
- PowerShell Runspace Post Exploitation Toolkitβ1,548Aug 2, 2019Updated 6 years ago
- The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This toolβ¦β1,128Feb 10, 2021Updated 5 years ago