S3N4T0R-0X0
Specialization in Adversary Simulation, Malware Dev & Red Team Activities; passionate about all things related to Cyber Security
Pinned Repositories
APT-Attack-Simulation
This repository is a compilation of all APT simulations that target many vital sectors, both private and governmental. The simulation includes written tools, C2 servers, backdoors, exploitation techniques, stagers, bootloaders, and many other tools that attackers might have used in actual attacks. These tools and TTPs are simulated here.
APT28-Adversary-Simulation
This is a simulation of an attack by the Fancy Bear group (APT28) targeting high-ranking government officials in Western Asia and Eastern Europe.
APT29-Adversary-Simulation
This is a simulation of an attack by the Cozy Bear group (APT-29) targeting diplomatic missions.
BEAR
Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks by Russian APT groups. Bear features a variety of encryption methods, including AES, XOR, DES, TLS, RC4, RSA and ChaCha, to secure communication between the payload and the operator machine.
Checkmate
Payload execution by a fake Windows SmartScreen that requires Administrator privileges and turns off the real SmartScreen Filter.
Ember-Bear-APT
This is a simulation of an attack by the (Ember Bear) APT group targeting energy organizations in Ukraine. The attack campaign was active from at least March 2021. The attack chain starts with a spear phishing email sent to an employee of the organization, which used a social engineering theme that suggested the individual had committed a crime.
Energetic-Bear-APT
This is a simulation of an attack by the Energetic Bear APT group targeting “eWon”, a Belgian producer of SCADA and industrial network equipment.
Initial-Registry
It is a registry file that performs malicious activities when the Refresh button is pressed, such as opening a malicious link, executing a payload, or running a malicious command line in CMD or PowerShell.
Primitive-Bear-APT
This is a simulation of an attack by the (Primitive Bear) APT group targeting the State Migration Service of Ukraine.
Voodoo-Bear-APT
This is a simulation of an attack by the (Voodoo Bear) APT group targeting entities in Eastern Europe. The attack campaign was active as early as mid-2022. The attack chain starts with a backdoor, a DLL that targets both 32-bit and 64-bit Windows.
S3N4T0R-0X0's Repositories
S3N4T0R-0X0/APT-Attack-Simulation
This repository is a compilation of all APT simulations that target many vital sectors, both private and governmental. The simulation includes written tools, C2 servers, backdoors, exploitation techniques, stagers, bootloaders, and many other tools that attackers might have used in actual attacks. These tools and TTPs are simulated here.
S3N4T0R-0X0/BEAR
Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks by Russian APT groups. Bear features a variety of encryption methods, including AES, XOR, DES, TLS, RC4, RSA and ChaCha, to secure communication between the payload and the operator machine.
S3N4T0R-0X0/Checkmate
Payload execution by a fake Windows SmartScreen that requires Administrator privileges and turns off the real SmartScreen Filter.
S3N4T0R-0X0/APT28-Adversary-Simulation
This is a simulation of an attack by the Fancy Bear group (APT28) targeting high-ranking government officials in Western Asia and Eastern Europe.
S3N4T0R-0X0/APT29-Adversary-Simulation
This is a simulation of an attack by the Cozy Bear group (APT-29) targeting diplomatic missions.
S3N4T0R-0X0/Voodoo-Bear-APT
This is a simulation of an attack by the (Voodoo Bear) APT group targeting entities in Eastern Europe. The attack campaign was active as early as mid-2022. The attack chain starts with a backdoor, a DLL that targets both 32-bit and 64-bit Windows.
S3N4T0R-0X0/Initial-Registry
It is a registry file that performs malicious activities when the Refresh button is pressed, such as opening a malicious link, executing a payload, or running a malicious command line in CMD or PowerShell.
S3N4T0R-0X0/Ember-Bear-APT
This is a simulation of an attack by the (Ember Bear) APT group targeting energy organizations in Ukraine. The attack campaign was active from at least March 2021. The attack chain starts with a spear phishing email sent to an employee of the organization, which used a social engineering theme that suggested the individual had committed a crime.
S3N4T0R-0X0/Primitive-Bear-APT
This is a simulation of an attack by the (Primitive Bear) APT group targeting the State Migration Service of Ukraine.
S3N4T0R-0X0/Energetic-Bear-APT
This is a simulation of an attack by the Energetic Bear APT group targeting “eWon”, a Belgian producer of SCADA and industrial network equipment.
S3N4T0R-0X0/Venomous-Bear-APT
This is a simulation of an attack by the (Venomous Bear) APT group targeting the U.S.A., Germany and Afghanistan. The attack campaign was active since at least 2020. The attack chain starts with installing the backdoor as a service on the infected machine.
S3N4T0R-0X0/Gossamer-Bear-APT
This is a simulation of an attack by the (Gossamer Bear) APT group targeting institutions providing logistics support and defense to Ukraine. The attack campaign was active from April 2023.
S3N4T0R-0X0/Matryoshka
This repository contains a C++ program that can be used to simulate malware that exploits the messaging platforms Telegram or Discord to achieve its programmed goals. In this case, the program exploits "Maga" to dump data
S3N4T0R-0X0/Berserk-Bear-APT
This is a simulation of an attack by the (Berserk Bear) APT group targeting critical infrastructure and energy companies around the world, primarily in Europe and the United States.
S3N4T0R-0X0/AMON-Eye
AM0N-Eye is decompiled from Cobalt Strike and has been modified and developed through several aggressor scripts. The project is based on a combination of different ideas and projects used by the threat actor, where we observe a set of techniques to evade EDR and AV.