Pinned Repositories
act-platform
Open platform for collection and exchange of threat intelligence information
APT-Ecosystem
This repository contains the website and the tools which are part of the joint research between Check Point Research and Intezer to map the connections inside the APT Ecosystem of Russia.
APT_CyberCriminal_Campagin_Collections
APT & CyberCriminal Campaign Collection
APT_Digital_Weapon
Indicators of compromise (IOCs) collected from public resources and categorized by Qi-AnXin.
APT_REPORT
Interesting apt report collection and some special ioc express
APTnotes
Various public documents, whitepapers and articles about APT campaigns
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
CyberThreatIntel
Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups
encryption-works
Encryption Works: How to Protect Your Privacy in the Age of NSA Surveillance
sigma
Generic Signature Format for SIEM Systems
KnightX's Repositories
KnightX/sigma
Generic Signature Format for SIEM Systems
KnightX/act-platform
Open platform for collection and exchange of threat intelligence information
KnightX/APT-Ecosystem
This repository contains the website and the tools which are part of the joint research between Check Point Research and Intezer to map the connections inside the APT Ecosystem of Russia.
KnightX/APT_CyberCriminal_Campagin_Collections
APT & CyberCriminal Campaign Collection
KnightX/APT_Digital_Weapon
Indicators of compromise (IOCs) collected from public resources and categorized by Qi-AnXin.
KnightX/APT_REPORT
Interesting apt report collection and some special ioc express
KnightX/APTnotes
Various public documents, whitepapers and articles about APT campaigns
KnightX/atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
KnightX/CyberThreatIntel
Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups
KnightX/encryption-works
Encryption Works: How to Protect Your Privacy in the Age of NSA Surveillance
KnightX/Forensics
Scripts and code referenced in CrowdStrike blog posts
KnightX/king-phisher
Phishing Campaign Toolkit
KnightX/NSABlocklist
HOSTS file and research project to block all known NSA / GCHQ / C.I.A. / F.B.I. spying server
KnightX/Research
Research indicators and detection rules
KnightX/ShadowBrokers-NSA-Mirror
https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation # Exploits - **EARLYSHOVEL** RedHat 7.0 - 7.1 Sendmail 8.11.x exploit - **EBBISLAND (EBBSHAVE)** root RCE via RPC XDR overflow in Solaris 6, 7, 8, 9 & 10 (possibly newer) both SPARC and x86. - **ECHOWRECKER** remote Samba 3.0.x Linux exploit. - **EASYBEE** appears to be an MDaemon email server vulnerability - **EASYFUN** EasyFun 2.2.0 Exploit for WDaemon / IIS MDaemon/WorldClient pre 9.5.6 - **EASYPI** is an IBM Lotus Notes exploit that gets detected as Stuxnet - **EWOKFRENZY** is an exploit for IBM Lotus Domino 6.5.4 & 7.0.2 - **EXPLODINGCAN** is an IIS 6.0 exploit that creates a remote backdoor - **ETERNALROMANCE** is a SMB1 exploit over TCP port 445 which targets XP, 2003, Vista, 7, Windows 8, 2008, 2008 R2, and gives SYSTEM privileges (MS17-010) - **EDUCATEDSCHOLAR** is a SMB exploit (MS09-050) - **EMERALDTHREAD** is a SMB exploit for Windows XP and Server 2003 (MS10-061) - **EMPHASISMINE** is a remote IMAP exploit for IBM Lotus Domino 6.6.4 to 8.5.2 - **ENGLISHMANSDENTIST** sets Outlook Exchange WebAccess rules to trigger executable code on the client's side to send an email to other users - **EPICHERO** 0-day exploit (RCE) for Avaya Call Server - **ERRATICGOPHER** is a SMBv1 exploit targeting Windows XP and Server 2003 - **ETERNALSYNERGY** is a SMBv3 remote code execution flaw for Windows 8 and Server 2012 SP0 (MS17-010) - **ETERNALBLUE is** a SMBv2 exploit for Windows 7 SP1 (MS17-010) - **ETERNALCHAMPION** is a SMBv1 exploit - **ESKIMOROLL** is a Kerberos exploit targeting 2000, 2003, 2008 and 2008 R2 domain controllers - **ESTEEMAUDIT** is an RDP exploit and backdoor for Windows Server 2003 - **ECLIPSEDWING** is an RCE exploit for the Server service in Windows Server 2008 and later (MS08-067) - **ETRE** is an exploit for IMail 8.10 to 8.22 - **ETCETERABLUE** is an exploit for IMail 7.04 to 8.05 - **FUZZBUNCH** is an exploit framework, similar to MetaSploit - **ODDJOB** is an implant builder and C&C server that can deliver exploits for Windows 2000 and later, also not detected by any AV vendors - **EXPIREDPAYCHECK** IIS6 exploit - **EAGERLEVER** NBT/SMB exploit for Windows NT4.0, 2000, XP SP1 & SP2, 2003 SP1 & Base Release - **EASYFUN** WordClient / IIS6.0 exploit - **ESSAYKEYNOTE** - **EVADEFRED** # Utilities - **PASSFREELY** utility which "Bypasses authentication for Oracle servers" - **SMBTOUCH** check if the target is vulnerable to samba exploits like ETERNALSYNERGY, ETERNALBLUE, ETERNALROMANCE - **ERRATICGOPHERTOUCH** Check if the target is running some RPC - **IISTOUCH** check if the running IIS version is vulnerable - **RPCOUTCH** get info about windows via RPC - **DOPU** used to connect to machines exploited by ETERNALCHAMPIONS - **NAMEDPIPETOUCH** Utility to test for a predefined list of named pipes, mostly AV detection. User can add checks for custom named pipes.
KnightX/snowden-archive
💥 A collection of all documents leaked by former NSA contractor and whistleblower Edward Snowden.
KnightX/tau-tools
A repo containing tools developed by Carbon Black's Threat Research Team: Threat Analysis Unit
KnightX/TrieJoin
Three Algorithm for Trie-based similairty join ( Trie Traverse, Trie Dynamic, TriePathStack)