Purple Team Security
☆76Mar 24, 2022Updated 3 years ago
Alternatives and similar repositories for Hornets-Nest
Users that are interested in Hornets-Nest are comparing it to the libraries listed below
Sorting:
- Bunch of honey related items that spoof/decoy powersploit functions.☆18Apr 23, 2020Updated 5 years ago
- Lateral Movement graph for Azure Active Directory☆127Dec 8, 2022Updated 3 years ago
- Assorted, MIT licensed, threat hunting rules from @bradleyjkemp☆14Mar 11, 2022Updated 4 years ago
- Create a Run registry key with direct system calls. Inspired by @Cneelis's Dumpert and SharpHide.☆79Feb 27, 2020Updated 6 years ago
- A PowerShell script to prevent Sysmon from writing its events☆17Apr 23, 2020Updated 5 years ago
- Automate AV evasion by calling AMSI☆88May 31, 2023Updated 2 years ago
- ☆166Feb 13, 2020Updated 6 years ago
- Protect your servers with a secret header☆29Jun 12, 2020Updated 5 years ago
- BloodHound Cypher Queries Ported to a Jupyter Notebook☆53Jun 20, 2020Updated 5 years ago
- ☆57May 13, 2020Updated 5 years ago
- A simple proof of concept for detecting use of Cobalt Strike's execute-assembly☆59Apr 1, 2022Updated 3 years ago
- IOCPARSER.COM is a Fast and Reliable service that enables you to extract IOCs and intelligence from different data sources.☆36Jan 20, 2022Updated 4 years ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.☆37Jul 11, 2023Updated 2 years ago
- A Splunk app that will rotate between dashboards on a frequency; useful for displaying content on informational big screens.☆13Mar 9, 2022Updated 4 years ago
- Iterative AD discovery toolkit for offensive operations☆85Mar 16, 2020Updated 6 years ago
- This repository contains the research and components of our research into using Sigma for AWS Incident Response.☆31Jul 12, 2023Updated 2 years ago
- A fast library for parsing and importing Windows Event Logs into Elasticsearch.☆86Updated this week
- Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.☆255Jul 29, 2021Updated 4 years ago
- Kerberoast Detection Script☆30Oct 31, 2024Updated last year
- Compilation of resources to help with Adversary Simulation automation harness☆100Aug 7, 2020Updated 5 years ago
- macOS Artifact Intelligence Tool☆13Apr 30, 2019Updated 6 years ago
- Collection of tools that reflect the network dimension into Bloodhound's data☆446Oct 19, 2022Updated 3 years ago
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().☆219Mar 5, 2020Updated 6 years ago
- A pair of scripts to import session and local group information that has been collected from alternate data sources into BloodHound's Neo…☆20Aug 29, 2022Updated 3 years ago
- Threat Box Assessment Tool☆19Mar 5, 2026Updated 2 weeks ago
- ☆100Feb 16, 2021Updated 5 years ago
- Simple .NET assembly to interact with services.☆43Sep 27, 2019Updated 6 years ago
- A module for CME that spiders across a domain.☆35Jul 15, 2022Updated 3 years ago
- ☆18Jul 3, 2020Updated 5 years ago
- This repo contains code of JScript .NET which can be used as alternative to csc.exe to run potentially malicious code, which ships in all…☆13Nov 8, 2019Updated 6 years ago
- A collection of scripts for dealing with Cobalt Strike beacons in Python☆169Jan 5, 2021Updated 5 years ago
- ☆18Sep 14, 2023Updated 2 years ago
- Misc Threat Hunting Resources☆377Jan 26, 2023Updated 3 years ago
- Identify the attack paths in BloodHound breaking your AD tiering☆326Nov 6, 2022Updated 3 years ago
- Rip Raw is a small tool to analyse the memory of compromised Linux systems.☆133Jan 31, 2022Updated 4 years ago
- ☆33Apr 7, 2020Updated 5 years ago
- POC for .NET mssql client for accessing database data through beacon☆64Sep 12, 2023Updated 2 years ago
- ACT documentation repo☆18May 22, 2024Updated last year
- A collection of searches, interesting events and tables on Crowdstrike Splunk.☆30Mar 2, 2021Updated 5 years ago