nasbench / Misc-Research

Related projects ⓘ

Alternatives and complementary repositories for Misc-Research

• Mayyhem / Maestro
  Abusing Intune for Lateral Movement over C2
  ☆284Updated 3 weeks ago
• deepinstinct / NoFilter
  ☆294Updated 3 weeks ago
• floesen / EventLogCrasher
  ☆181Updated 10 months ago
• ACE-Responder / RogueSliver
  A suite of tools to disrupt campaigns using the Sliver C2 framework.
  ☆248Updated last year
• CCob / Shwmae
  ☆129Updated last month
• CCob / DGPOEdit
  Disconnected GPO Editor - A Group Policy Manager launcher to allow editing of domain GPOs from non-domain joined machines
  ☆152Updated 2 months ago
• Qazeer / FarsightAD
  PowerShell script that aim to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an Active Directory …
  ☆93Updated last year
• 0xsp-SRD / MDE_Enum
  comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…
  ☆190Updated 5 months ago
• cbecks2 / edr-artifacts
  This repository is meant to catalog network and host artifacts associated with various EDR products "shell" and response functionalities.
  ☆72Updated 2 months ago
• itaymigdal / LOLSpoof
  An interactive shell to spoof some LOLBins command line
  ☆180Updated 9 months ago
• Leo4j / Invoke-SessionHunter
  Retrieve and display information about active user sessions on remote computers. No admin privileges required.
  ☆166Updated 3 months ago
• QueenSquishy / plague
  Default Detections for EDR
  ☆94Updated 9 months ago
• deepinstinct / ContainYourself
  A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.
  ☆301Updated last year
• jaredcatkinson / MalwareMorphology
  ☆76Updated this week
• joeavanzato / RetrievIR
  PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.
  ☆91Updated 2 months ago
• HuskyHacks / SharpTokenFinder
  C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps
  ☆133Updated 3 months ago
• gtworek / VolatileDataCollector
  ☆188Updated 3 weeks ago
• jsecurity101 / JonMon
  ☆173Updated 4 months ago
• dirkjanm / roadtools_hybrid
  Hybrid AD utilities for ROADtools
  ☆63Updated this week
• SafeBreach-Labs / DoubleDrive
  A fully-undetectable ransomware that utilizes OneDrive & Google Drive to encrypt target local files
  ☆123Updated 5 months ago
• improsec / ImproHound
  Identify the attack paths in BloodHound breaking your AD tiering
  ☆310Updated 2 years ago
• LuemmelSec / Custom-BloodHound-Queries
  ☆173Updated 9 months ago
• synacktiv / ntdissector
  ☆127Updated 3 months ago
• LaresLLC / SlinkyCat
  Slinky Cat attempts to give users an easy-to-navigate menu offering predefined Active Directory Service Interfaces (ADSI) and .NET querie…
  ☆79Updated last year
• synacktiv / Invoke-RunAsWithCert
  A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine.
  ☆117Updated 6 months ago
• sensepost / mydumbedr
  ☆105Updated 9 months ago
• Tanguy-Boisset / bloodhound-automation
  Automatically run and populate a new instance of BH CE
  ☆54Updated last month
• Hacker-Hermanos / C2_INFRA_WORKSHOP_DEFCON32_RED_TEAM_VILLAGE
  C2 Infrastructure Automation
  ☆86Updated last week
• mandiant / ccmpwn
  ☆182Updated 7 months ago
• Malcrove / SeamlessPass
  A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO
  ☆129Updated 2 months ago