nsacyber / Pass-the-Hash-GuidanceView external linksLinks
Configuration guidance for implementing Pass-the-Hash mitigations. #nsacyber
☆201Nov 25, 2016Updated 9 years ago
Alternatives and similar repositories for Pass-the-Hash-Guidance
Users that are interested in Pass-the-Hash-Guidance are comparing it to the libraries listed below
Sorting:
- Configuration guidance for implementing application whitelisting with AppLocker. #nsacyber☆232Oct 31, 2025Updated 3 months ago
- Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsac…☆881Nov 17, 2020Updated 5 years ago
- A prototype that demonstrates a method for scoring how well Windows systems have implemented some of the top 10 Information Assurance mit…☆99Jun 8, 2016Updated 9 years ago
- Automatically scores how well Windows systems have implemented some of the top 10 Information Assurance mitigation strategies. #nsacyber☆76May 25, 2016Updated 9 years ago
- Identifies unexpected and prohibited certificate authority certificates on Windows systems. #nsacyber☆113Jun 2, 2016Updated 9 years ago
- Assesses CPU security of embedded devices. #nsacyber☆141Jun 1, 2016Updated 9 years ago
- A userland network manager with monitoring and limiting capabilities for macOS. #nsacyber☆80Nov 29, 2016Updated 9 years ago
- Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber☆1,589Dec 24, 2022Updated 3 years ago
- Retrieves the definitions of Windows Event Log messages embedded in Windows binaries and provides them in discoverable formats. #nsacyber☆406Dec 8, 2022Updated 3 years ago
- A proposed hardware-based method for stopping known memory corruption exploitation techniques. #nsacyber☆156May 10, 2017Updated 8 years ago
- Identifies defensive gaps in security posture by leveraging Mitre's ATT&CK framework. #nsacyber☆164May 11, 2020Updated 5 years ago
- A simple utility to check the status of and/or disable SMBv1 on Windows system via Cb Response's Live Response functionality.☆15May 28, 2019Updated 6 years ago
- WALKOFF-enabled applications. #nsacyber☆143Mar 14, 2019Updated 6 years ago
- A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, t…☆1,230Dec 12, 2022Updated 3 years ago
- SMB Named Pipe shell☆69Nov 19, 2024Updated last year
- Miscellaneous C-Sharp projects for red team activities☆24Aug 12, 2022Updated 3 years ago
- Intel Atom C2000 series discovery tool that parses log files and returns results if a positive match is found. #nsacyber☆30Jun 10, 2017Updated 8 years ago
- A reference Device Guard code integrity policy consisting of FilePublisher deny rules for published Device Guard configuration bypasses☆114May 27, 2017Updated 8 years ago
- A repository for using windows event forwarding for incident detection and response☆1,296Sep 8, 2025Updated 5 months ago
- Configuration guidance for implementing BitLocker. #nsacyber☆127Jul 24, 2019Updated 6 years ago
- Detect possible sysmon logging bypasses given a specific configuration☆111Dec 26, 2018Updated 7 years ago
- Perform various SMB-related attacks, particularly useful for testing large Active Directory environments.☆42Oct 15, 2022Updated 3 years ago
- A curated list of awesome Security Hardening techniques for Windows.☆1,790Jan 7, 2020Updated 6 years ago
- RedSnarf is a pen-testing / red-teaming tool for Windows environments☆1,212Sep 14, 2020Updated 5 years ago
- Automated, Collection, and Enrichment Platform☆324Nov 14, 2019Updated 6 years ago
- PowerForensics provides an all in one platform for live disk forensic analysis☆1,428Nov 16, 2023Updated 2 years ago
- An easy to use and portable Virtual Private Network (VPN) system built with Linux and a Raspberry Pi. #nsacyber☆989Jun 27, 2017Updated 8 years ago
- Fast implementations of the SIMON and SPECK lightweight block ciphers for the SUPERCOP benchmark toolkit. #nsacyber☆50Jun 13, 2018Updated 7 years ago
- An Insider Threat Toolkit☆155Dec 17, 2018Updated 7 years ago
- This repo is for WMIOps, a powershell script which uses WMI for various purposes across a network.☆388Jun 25, 2024Updated last year
- Invoke-LiveResponse☆150Feb 22, 2022Updated 3 years ago
- A Powershell incident response framework☆1,639Nov 22, 2022Updated 3 years ago
- Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in suppo…☆1,028Feb 24, 2020Updated 5 years ago
- Reconstruct process trees from event logs☆147Aug 12, 2020Updated 5 years ago
- A series of GPO templates☆21Jan 2, 2017Updated 9 years ago
- The SIMON and SPECK families of lightweight block ciphers. #nsacyber☆168Nov 12, 2019Updated 6 years ago
- Issues to consider when planning a red team exercise.☆614Aug 23, 2017Updated 8 years ago
- Lazykatz is an automation developed to extract credentials from remote targets protected with AV and/or application whitelisting software…☆199Nov 19, 2017Updated 8 years ago
- Blocks drivers from loading by using a name collision technique. #nsacyber☆49Dec 18, 2017Updated 8 years ago