Supporting materials for my "Intelligence-Led Adversarial Threat Modelling with VECTR" workshop
☆76Jan 19, 2026Updated last month
Alternatives and similar repositories for adversarial-threat-modelling
Users that are interested in adversarial-threat-modelling are comparing it to the libraries listed below
Sorting:
- Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code☆24Mar 13, 2023Updated 2 years ago
- BOF implementation of Adopt. Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.☆17Jul 22, 2022Updated 3 years ago
- Extract the Procedures (TTP) from CTI reports☆17Dec 13, 2025Updated 2 months ago
- ☆14Mar 9, 2023Updated 3 years ago
- ☆17Aug 25, 2022Updated 3 years ago
- Bypass Constrained Language Mode in PowerShell☆29May 21, 2019Updated 6 years ago
- Takes the original idea of NetCease and adds functionality☆24Feb 6, 2022Updated 4 years ago
- Detection Ideas & Rules repository.☆178Sep 10, 2021Updated 4 years ago
- Cuckoo Sandbox is an automated dynamic malware analysis system☆107May 22, 2020Updated 5 years ago
- Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly☆117Sep 30, 2024Updated last year
- Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs☆125May 24, 2022Updated 3 years ago
- Beacon Object File allowing creation of Beacons in different sessions.☆83May 23, 2022Updated 3 years ago
- Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study by Xena Olsen.☆667Jun 14, 2023Updated 2 years ago
- Exploit for HiveNightmare - CVE-2021–36934☆61Aug 22, 2025Updated 6 months ago
- A very simple lab to demo some Terraform, DSC, Inspec and Gitlab CI☆94Dec 8, 2022Updated 3 years ago
- ☆65Jun 5, 2021Updated 4 years ago
- Load any Beacon Object File using Powershell!☆260Dec 9, 2021Updated 4 years ago
- Cobalt Strike log state tracking, parsing, and storage☆24Jul 18, 2019Updated 6 years ago
- the most basic DLL ever to pop a cmd.☆24Jul 11, 2020Updated 5 years ago
- These are some of the commands which I use frequently during Malware Analysis and DFIR.☆24Jan 8, 2024Updated 2 years ago
- Proof of concept - Covert Channel using Windows Filtering Platform (C#)☆21Aug 29, 2021Updated 4 years ago
- ☆94May 14, 2022Updated 3 years ago
- 🦉🔬A small PowerShell tool for finding information quickly on malicious IPs or FQDNs. Powershell threat hunting.☆11Jan 9, 2020Updated 6 years ago
- ☆10Nov 21, 2023Updated 2 years ago
- RACF Database Parser☆12Apr 4, 2024Updated last year
- Spider or repeater to find all links.☆10Feb 7, 2021Updated 5 years ago
- Build your own threat hunting maturity model☆11Oct 29, 2017Updated 8 years ago
- PoC: process watcher patterns to make killing a process hard.☆11Aug 1, 2018Updated 7 years ago
- Test Azure environment for MFA misconfigurations☆12Jan 13, 2023Updated 3 years ago
- libflutter.so(s) modified for traffic intercepting removing certificate pinning validation. Dart version is 2.10.5☆12Jul 11, 2021Updated 4 years ago
- Technical cyber security resources across the NIST cyber security framework lifecycle☆11Apr 28, 2021Updated 4 years ago
- pyForgeCert is a Python equivalent of the ForgeCert.☆69Aug 15, 2023Updated 2 years ago
- ☆35Jun 22, 2021Updated 4 years ago
- Notebooks created to attack and secure Active Directory environments☆27Nov 18, 2019Updated 6 years ago
- Purple Team Exercise Framework☆769Jan 4, 2024Updated 2 years ago
- This code was used for the blogpost on secjuice.☆43Apr 17, 2019Updated 6 years ago
- Zoom Persistence Aggressor and Handler☆55Mar 24, 2021Updated 4 years ago
- C# port of the Get-AppLockerPolicy PS cmdlet☆100Dec 8, 2022Updated 3 years ago
- Files for http://deniable.org/windows/windows-callbacks☆26Jul 9, 2020Updated 5 years ago