#Blue_Team
Advanced Sysmon ATT&CK configuration
https://github.com/ion-storm/sysmon-config
@BlueRedTeam
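Added example (not code from the ion-storm/sysmon-config repository): what an ATT&CK-tagged Sysmon configuration actually gives a SOC. Configs of this style name each rule with a technique tag, and Sysmon copies the name of the matching rule into the RuleName field of the event it writes, so the technique ID travels with the event to the SIEM. The config excerpt, the rule-name convention (technique_id=...,technique_name=...) and the Event ID 1 record below are all constructed assumptions for this example.

```python
"""Added example: surface ATT&CK technique IDs from an ATT&CK-tagged Sysmon config.

Assumptions (not taken from the repo): rules are tagged via Rule/@name strings of the
form "technique_id=T1059,technique_name=Command-Line Interface", and Sysmon copies the
matching rule's name into the event's RuleName field. Config and event are constructed.
"""
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed excerpt in the style of ATT&CK-tagged Sysmon configs (assumption).
SAMPLE_CONFIG = """<Sysmon schemaversion="4.90">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <ProcessCreate onmatch="include">
        <Rule name="technique_id=T1059.001,technique_name=PowerShell" groupRelation="or">
          <Image condition="end with">powershell.exe</Image>
          <Image condition="end with">pwsh.exe</Image>
        </Rule>
        <Rule name="technique_id=T1047,technique_name=Windows Management Instrumentation" groupRelation="or">
          <Image condition="end with">wmic.exe</Image>
        </Rule>
        <Image condition="end with">certutil.exe</Image>
      </ProcessCreate>
    </RuleGroup>
    <RuleGroup name="" groupRelation="or">
      <ImageLoad onmatch="include">
        <Rule name="technique_id=T1003,technique_name=OS Credential Dumping" groupRelation="or">
          <ImageLoaded condition="end with">samlib.dll</ImageLoaded>
        </Rule>
      </ImageLoad>
    </RuleGroup>
  </EventFiltering>
</Sysmon>"""

RULE_TAG = re.compile(r"technique_id=(T\d{4}(?:\.\d{3})?),technique_name=([^,]+)")


def parse_rule_name(rule_name):
    """Extract (technique_id, technique_name) from a tagged RuleName, or None."""
    m = RULE_TAG.search(rule_name or "")
    return (m.group(1), m.group(2).strip()) if m else None


def technique_coverage(config_xml):
    """Count include-rules per (event type, technique). Rules without a tag, like the
    bare certutil.exe filter above, are counted as 'untagged' so gaps are visible."""
    root = ET.fromstring(config_xml)
    coverage = Counter()
    for event_type in root.iter():
        if event_type.get("onmatch") != "include":
            continue
        for child in event_type:
            tag = parse_rule_name(child.get("name")) if child.tag == "Rule" else None
            coverage[(event_type.tag, tag[0] if tag else "untagged")] += 1
    return coverage


# Constructed Sysmon Event ID 1 fields as they would look after log forwarding.
SAMPLE_EVENT = {
    "EventID": 1,
    "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA",
    "RuleName": "technique_id=T1059.001,technique_name=PowerShell",
}


def enrich_event(event):
    """Return a copy of the event with ATT&CK fields derived from its RuleName."""
    out = dict(event)
    tag = parse_rule_name(event.get("RuleName"))
    if tag:
        out["attack_technique_id"], out["attack_technique_name"] = tag
    return out


if __name__ == "__main__":
    for (etype, tech), n in sorted(technique_coverage(SAMPLE_CONFIG).items()):
        print(f"{etype:14} {tech:12} {n} rule(s)")
    print(enrich_event(SAMPLE_EVENT))
```

Running technique_coverage over a real config of this kind is a quick way to see which event types carry tagged rules and which filters are untagged; enrich_event is the SIEM-side step that turns RuleName into searchable technique fields.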
#webshell
Yara rule for web threat (webshell, redirector)
https://github.com/farhanfaisal/yararule_web
@BlueRedTeam
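Added example, not code or rules from farhanfaisal/yararule_web: a small scanner that applies the same logic a webshell or redirector YARA rule encodes (a set of indicator strings, an "N of them" threshold and a file-size bound), written in plain Python so the rule logic runs without the yara module. The two rules, the indicator patterns and the sample PHP files are constructed for this example.

```python
"""Added example: YARA-style webshell/redirector rule logic in Python.
Rules, patterns and sample files are constructed; none come from the linked repo."""
import re
from dataclasses import dataclass, field


@dataclass
class Rule:
    name: str
    patterns: dict            # identifier -> compiled regex (like YARA $strings)
    min_matches: int          # like the YARA condition "N of them"
    max_size: int = 200_000   # like "filesize < 200KB"
    tags: list = field(default_factory=list)

    def scan(self, data):
        """Return the matched identifiers if the rule fires, else an empty list."""
        if len(data) > self.max_size:
            return []
        hits = [ident for ident, rx in self.patterns.items() if rx.search(data)]
        return hits if len(hits) >= self.min_matches else []


# Constructed rules in the spirit of web-threat YARA rules (assumption).
PHP_WEBSHELL = Rule(
    name="php_eval_webshell",
    patterns={
        "$php_tag": re.compile(rb"<\?php"),
        "$eval": re.compile(rb"\b(eval|assert|create_function)\s*\("),
        "$decode": re.compile(rb"\b(base64_decode|gzinflate|str_rot13|gzuncompress)\s*\("),
        "$input": re.compile(rb"\$_(POST|GET|REQUEST|COOKIE)\s*\["),
    },
    min_matches=3, tags=["webshell"],
)

PHP_REDIRECTOR = Rule(
    name="php_seo_redirector",
    patterns={
        "$referer": re.compile(rb"HTTP_REFERER"),
        "$engine": re.compile(rb"(google|bing|yahoo|yandex)", re.I),
        "$redirect": re.compile(rb"header\s*\(\s*['\"]Location:"),
        "$agent": re.compile(rb"HTTP_USER_AGENT"),
    },
    min_matches=3, tags=["redirector"],
)

RULES = [PHP_WEBSHELL, PHP_REDIRECTOR]

# Constructed sample files; example.invalid is a reserved name that resolves nowhere.
SAMPLES = {
    "shell.php": b"<?php @eval(base64_decode($_POST['x'])); ?>",
    "redir.php": (b"<?php if (preg_match('/google|bing/i', $_SERVER['HTTP_REFERER'])) "
                  b"{ header('Location: http://example.invalid/'); exit; } ?>"),
    "index.php": b"<?php echo htmlspecialchars($_GET['q'] ?? ''); ?>",
}


def scan_file(data, rules=RULES):
    """Return {rule_name: matched_identifiers} for every rule that fires on data."""
    result = {}
    for rule in rules:
        hits = rule.scan(data)
        if hits:
            result[rule.name] = hits
    return result


def scan_all(samples=SAMPLES):
    """Scan every sample; a clean file maps to an empty dict."""
    return {name: scan_file(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, result in scan_all().items():
        print(f"{name}: {result or 'clean'}")
```

The threshold is what keeps the benign index.php quiet: it has a PHP tag and reads $_GET, but without an eval-family call and a decoder it stays below "3 of them", which is the same reasoning a YARA condition expresses.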
#Red_Team
Checks whether e-mail can be delivered to a given address (e-mail sending feasibility), which can be used to test target mailbox accounts in red team operations.
https://github.com/808Mak1r/CEmail
@BlueRedTeam
#Red_Team
Red Team Toolkit for CTFs and learning Windows offense. The project is a Red Team vs. Blue Team scenario in which you play both the pentester and the SOC analyst; as the Red Team you attack a vulnerable VM.
https://github.com/JHKLing/Red-VS-Blue-Project
@BlueRedTeam
#Red_Team
ShadowSpray - tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects
https://github.com/Dec0ne/ShadowSpray
@BlueRedTeam
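Added example, not part of Dec0ne/ShadowSpray: the blue-side counterpart to the tool. Shadow Credentials are written into the target object's msDS-KeyCredentialLink attribute, so a spray across the domain looks like one principal adding values to that attribute on many objects in a short time. With directory-service object auditing and a SACL on the attribute in place (an assumption here), Windows records each write as Security Event ID 5136. The event records below are constructed, not real domain telemetry.

```python
"""Added example: detect a Shadow Credentials spray from Event ID 5136 records.
Assumes auditing of msDS-KeyCredentialLink writes is enabled; events are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

ATTR = "msDS-KeyCredentialLink"
VALUE_ADDED = "%%14674"  # 5136 OperationType for "Value Added"

# Constructed Event ID 5136 records, flattened to the fields the detection needs.
EVENTS = [
    {"ts": "2022-10-20T09:00:01", "EventID": 5136, "SubjectUserName": "jdoe",
     "ObjectDN": "CN=svc-sql,OU=Service,DC=corp,DC=local",
     "AttributeLDAPDisplayName": ATTR, "OperationType": VALUE_ADDED},
    {"ts": "2022-10-20T09:00:02", "EventID": 5136, "SubjectUserName": "jdoe",
     "ObjectDN": "CN=WS01,OU=Workstations,DC=corp,DC=local",
     "AttributeLDAPDisplayName": ATTR, "OperationType": VALUE_ADDED},
    {"ts": "2022-10-20T09:00:03", "EventID": 5136, "SubjectUserName": "jdoe",
     "ObjectDN": "CN=WS02,OU=Workstations,DC=corp,DC=local",
     "AttributeLDAPDisplayName": ATTR, "OperationType": VALUE_ADDED},
    {"ts": "2022-10-20T09:00:04", "EventID": 5136, "SubjectUserName": "jdoe",
     "ObjectDN": "CN=svc-backup,OU=Service,DC=corp,DC=local",
     "AttributeLDAPDisplayName": ATTR, "OperationType": VALUE_ADDED},
    # One write by another user (e.g. a single key-trust enrolment): must not alert.
    {"ts": "2022-10-20T10:15:00", "EventID": 5136, "SubjectUserName": "asmith",
     "ObjectDN": "CN=LT-ASMITH,OU=Laptops,DC=corp,DC=local",
     "AttributeLDAPDisplayName": ATTR, "OperationType": VALUE_ADDED},
    # Unrelated attribute change by the sprayer: must be ignored.
    {"ts": "2022-10-20T09:00:05", "EventID": 5136, "SubjectUserName": "jdoe",
     "ObjectDN": "CN=WS03,OU=Workstations,DC=corp,DC=local",
     "AttributeLDAPDisplayName": "description", "OperationType": VALUE_ADDED},
]


def detect_shadow_credential_spray(events, window=timedelta(minutes=10), min_targets=3):
    """Return one alert per subject that added msDS-KeyCredentialLink values on at
    least `min_targets` distinct objects within any span of length `window`."""
    writes = defaultdict(list)  # subject -> [(timestamp, object DN)]
    for e in events:
        if (e.get("EventID") == 5136
                and e.get("AttributeLDAPDisplayName", "").lower() == ATTR.lower()
                and e.get("OperationType") == VALUE_ADDED):
            writes[e["SubjectUserName"]].append(
                (datetime.fromisoformat(e["ts"]), e["ObjectDN"]))

    alerts = []
    for subject, items in writes.items():
        items.sort()
        start = 0
        # Sliding window over the sorted writes, counting distinct targets inside it.
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            targets = {dn for _, dn in items[start:end + 1]}
            if len(targets) >= min_targets:
                alerts.append({"subject": subject, "targets": sorted(targets),
                               "first": items[start][0].isoformat(),
                               "last": items[end][0].isoformat()})
                break  # one alert per subject is enough for triage
    return alerts


if __name__ == "__main__":
    for a in detect_shadow_credential_spray(EVENTS):
        print(f"{a['subject']} wrote {ATTR} on {len(a['targets'])} objects "
              f"between {a['first']} and {a['last']}: {a['targets']}")
```

The distinct-target count rather than the raw event count is what separates a spray from legitimate single enrolments, and the attribute filter keeps other 5136 noise out; tune window and min_targets to the domain's normal rate of key-trust provisioning.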
#Red_Team
+ Living-Off-the-Blindspot - Operating into EDRs’ blindspot
https://www.naksyn.com/edr%20evasion/2022/09/01/operating-into-EDRs-blindspot.html
+ On Bypassing eBPF Security Monitoring
https://blog.doyensec.com/2022/10/11/ebpf-bypass-security-monitoring.html
@BlueRedTeam
#Red_Team
1. Pivoting Over TTLS-PAP WPA Enterprise Networks (obtaining credentials for a TTLS-PAP enterprise network, connecting to it and reaching LAN resources)
https://tbhaxor.com/pivoting-over-ttls-pap-wifi-network
2. Active Directory data collector for BloodHound
https://github.com/OPENCYBER-FR/RustHound
@BlueRedTeam
#Cobalt_Strike
An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot saved to disk as a file.
https://github.com/CodeXTF2/ScreenshotBOF
@BlueRedTeam
#Red_Team
Environment configuration for Red Team security testing and tasks
https://github.com/zackjmccann/red-team-security
@BlueRedTeam
#Red_Team
Blog about personal research, Red Team/AD/Maldev & CTF writeups
NorwegianPasswordSpraying: a repository containing lists and different combinations of weak/default passwords (in Norwegian) typically seen during external pentests and red team assessments.
https://github.com/0xSV1/NorwegianPasswordSpraying
@BlueRedTeam
#CVE-2022
Utilities for exploiting vulnerability CVE-2022-40684 (FortiOS / FortiProxy / FortiSwitchManager - Authentication bypass on administrative interface).
https://github.com/und3sc0n0c1d0/CVE-2022-40684
@BlueRedTeam
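Added example, not part of the linked exploit repository: the defensive check for this bug. Fortinet's advisory for CVE-2022-40684 (FG-IR-22-377) names as indicators of exploitation FortiOS log entries where user="Local_Process_Access" is combined with a user interface of "Node.js" or "Report Runner". The script below parses FortiOS key=value event logs and flags those entries. The log lines are constructed in FortiOS' format for this example, not real device output; the field carrying the interface is accepted as either ui= (device logs) or user_interface= (the advisory's wording).

```python
"""Added example: flag FG-IR-22-377 (CVE-2022-40684) indicators in FortiOS event logs.
Sample lines are constructed; the indicator pair comes from Fortinet's advisory."""
import re

# key=value pairs; quoted values may contain spaces, bare values run to whitespace.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

SUSPICIOUS_USER = "Local_Process_Access"
SUSPICIOUS_UI = {"Node.js", "Report Runner"}


def parse_fortios_log(line):
    """Parse one FortiOS key=value line into a dict (quotes stripped)."""
    fields = {}
    for m in KV.finditer(line):
        key, quoted, bare = m.group(1), m.group(2), m.group(3)
        fields[key] = quoted if quoted is not None else bare
    return fields


def is_cve_2022_40684_indicator(fields):
    """True when the entry carries the user/interface pair from the advisory."""
    ui = fields.get("ui") or fields.get("user_interface") or ""
    return fields.get("user") == SUSPICIOUS_USER and ui in SUSPICIOUS_UI


# Constructed sample lines (not real device output).
SAMPLE_LOGS = [
    'date=2022-10-12 time=03:14:07 logid="0100044546" type="event" subtype="system" '
    'level="information" vd="root" logdesc="Attribute configured" user="Local_Process_Access" '
    'ui="Node.js" action="Edit" cfgpath="system.admin" cfgobj="admin" '
    'cfgattr="ssh-public-key1" msg="Edit system.admin admin"',
    'date=2022-10-12 time=03:14:08 logid="0100044547" type="event" subtype="system" '
    'level="information" vd="root" logdesc="Object attribute configured" '
    'user="Local_Process_Access" ui="Report Runner" action="Add" cfgpath="system.admin" '
    'cfgobj="svc_api" msg="Add system.admin svc_api"',
    'date=2022-10-12 time=08:00:00 logid="0100044546" type="event" subtype="system" '
    'level="information" vd="root" logdesc="Attribute configured" user="admin" '
    'ui="GUI(10.10.1.5)" action="Edit" cfgpath="system.interface" cfgobj="port1" '
    'msg="Edit system.interface port1"',
    'date=2022-10-12 time=09:30:12 logid="0100032001" type="event" subtype="system" '
    'level="notice" vd="root" logdesc="Admin login successful" user="Local_Process_Access" '
    'ui="GUI(10.10.1.5)" action="login" status="success" msg="Administrator logged in"',
]


def find_indicators(lines):
    """Return a summary of every entry matching the advisory's indicator pattern."""
    hits = []
    for line in lines:
        f = parse_fortios_log(line)
        if is_cve_2022_40684_indicator(f):
            hits.append({"time": f"{f.get('date')} {f.get('time')}",
                         "ui": f.get("ui") or f.get("user_interface"),
                         "action": f.get("action"), "cfgpath": f.get("cfgpath"),
                         "msg": f.get("msg")})
    return hits


if __name__ == "__main__":
    for h in find_indicators(SAMPLE_LOGS):
        print(h)
```

Both halves of the pair matter: Local_Process_Access on its own also appears for ordinary internal activity (the fourth sample line), so matching on the user alone would drown the real hits in noise. Any hit that touches system.admin (an added admin or an SSH key) is the one to chase first.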
#CVE-2022
A Python script to exploit the Bitbucket vulnerability CVE-2022-36804.
https://github.com/khal4n1/CVE-2022-36804
@BlueRedTeam
#Blue_Team
How to Investigate Insider Threats (Forensic Methodology)
https://www.inversecos.com/2022/10/how-to-investigate-insider-threats.html
@BlueRedTeam
#Red_Team
+ Redeye - Pentest operation tool
https://github.com/redeye-framework/Redeye
+ Bayanay - Python Wardriving
https://github.com/anil-yelken/wardriving
@BlueRedTeam
#Red_Team
RedEye is an open-source analytic tool developed by CISA and DOE’s Pacific Northwest National Laboratory to assist Red Teams with visualizing and reporting command and control activities. This tool, released in October 2022 on GitHub, allows an operator to assess and display complex data, evaluate mitigation strategies, and enable effective decision making in response to a Red Team assessment.
The tool parses logs, such as those from Cobalt Strike, and presents the data in an easily digestible format. Users can then tag and comment on activities displayed within the tool, and operators can use RedEye's presentation mode to present findings and workflow to stakeholders.
https://github.com/cisagov/RedEye
@BlueRedTeam
#Red_Team
Template-Driven AV/EDR Evasion Framework.
Modern Penetration Testing and Red Teaming often require bypassing common AV/EDR appliances in order to execute code on a target. With time, defenses are becoming more complex and inherently more difficult to bypass consistently.
Inceptor is a tool that can help to automate a great part of this process, hopefully requiring no further effort.
Inceptor is a template-based PE packer for Windows, designed to help penetration testers and red teamers to bypass common AV and EDR solutions. Inceptor has been designed with a focus on usability, and to allow extensive user customization.
https://github.com/klezVirus/inceptor
@BlueRedTeam
#Red_Team
Awesome Command & Control
A collection of awesome Command & Control (C2) frameworks, tools and resources for post-exploitation and red teaming assessments.
https://github.com/tcostam/awesome-command-control
@BlueRedTeam
#Purple_Team
Codecepticon is a .NET application that allows you to obfuscate C#, VBA/VB6 (macros), and PowerShell source code, and is developed for offensive security engagements such as Red/Purple Teams.
What separates Codecepticon from other obfuscators is that it targets the source code rather than the compiled executables, and it was developed specifically for AV/EDR evasion.
https://github.com/Accenture/Codecepticon
@BlueRedTeam
#Purple_Team
EDR-Test
Automating EDR testing with reference to MITRE ATT&CK via Cobalt Strike.
https://github.com/TH3xACE/EDR-Test
@BlueRedTeam
#Red_Team
Collection of PoC and offensive techniques used by the BlackArrow Red Team
https://github.com/blackarrowsec/redteam-research
@BlueRedTeam