Defensive Origins
A research, consulting, and educational organization founded to help businesses and non-profits manage and build their Information Security Knowledge Capital
Black Hills, South Dakota
Pinned Repositories
APT-Lab-Terraform
Purple Teaming Attack & Hunt Lab - Terraform
APT06202001
Applied Purple Teaming - (ITOCI4hr) - Infrastructure, Threat Optics, and Continuous Improvement - June 6, 2020
APTv4_Defcon28
Defcon 28 - Red Team Village - Applied Purple Teaming - Why Can't We Be Friends
AtomicPurpleTeam
Atomic Purple Team Framework and Lifecycle
AutoSPFRecon
Automatic Sender Policy Framework Reconnaissance
Detect-msDS-KeyCredentialLink
Detect msDS-KeyCredentialLink Changes
DO-LAB
DomainBuildScripts
Build a domain with three quick PowerShell scripts!
ps-whitenoiseweb
PowerShell - web traffic whitenoise generator
Training
Defensive Origins Training Schedule
Defensive Origins's Repositories
DefensiveOrigins/DO-LAB
DefensiveOrigins/Training
Defensive Origins Training Schedule
DefensiveOrigins/APT-PreReqs
Applied Purple Teaming Course Pre-Requisites
DefensiveOrigins/Detect-msDS-KeyCredentialLink
Detect msDS-KeyCredentialLink Changes
DefensiveOrigins/SentinelKQL
Some supporting KQL queries for a blog
DefensiveOrigins/icmp-timestamp
extract remote timestamp from hping3 icmp replies
DefensiveOrigins/BloodHound
Six Degrees of Domain Admin
DefensiveOrigins/MSSentinelSysmonParser
A simple parser for Sysmon logs through EID28 for Microsoft Sentinel
DefensiveOrigins/AC-PreReqs
DefensiveOrigins/ADD-PreReqs
Attack Detect Defend Course Pre-Requisites
DefensiveOrigins/APT22Things
Location for a few things necessary for APT22
DefensiveOrigins/BadBlood
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is run on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
DefensiveOrigins/csp_check
check if a CSP record exists
DefensiveOrigins/HostRecon
This function runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase. It gathers information about the local system, users, and domain information. It does not use any 'net', 'ipconfig', 'whoami', 'netstat', or other system commands to help avoid detection.
DefensiveOrigins/SysmonCommunityGuide
TrustedSec Sysinternals Sysmon Community Guide
DefensiveOrigins/AC-Extras
Assumed Compromise Additional Components
DefensiveOrigins/ADD_Extras
ADD Extras
DefensiveOrigins/bl-bfg
DefensiveOrigins/BloodHound.py
A Python based ingestor for BloodHound
DefensiveOrigins/DonPAPI
Dumping DPAPI credz remotely
DefensiveOrigins/DTE_Extras
DefensiveOrigins/DTEsrc2022
Additional resources for DTE 2022
DefensiveOrigins/geoip2-ipv4
GeoIP2 - free IP geolocation database.
DefensiveOrigins/impacket
Impacket is a collection of Python classes for working with network protocols.
DefensiveOrigins/NECSC24
Nebraska Cyber Security Conference - Talk Slides & Content
DefensiveOrigins/PetitPotam
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
DefensiveOrigins/PKINITtools
Tools for Kerberos PKINIT and relaying to AD CS
DefensiveOrigins/PowerShellArmoury
A PowerShell armoury for security guys and girls
DefensiveOrigins/PrivescCheck
Privilege Escalation Enumeration Script for Windows
DefensiveOrigins/SharpCollection
Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.