Pinned Repositories
ADModule
Microsoft signed ActiveDirectory PowerShell module
BadBlood
BadBlood by Secframe fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is run on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
docker_elastalert
custom built docker on Ubuntu 16.04 with elastalert
docker_mdbook
jupyter_threathunt
Jupyter notebook to deploy terraform_threathunt and ansible_threathunt
logstashrest
logstash configuration with REST API plugin
mdBook
Create book from markdown files. Like Gitbook but implemented in Rust
ShellcodeWrapper
Shellcode wrapper with encryption for multiple target languages
threathunt
threathunt_student
threathunt repo for students
crimsoncore's Repositories
crimsoncore/logstashrest
logstash configuration with REST API plugin
crimsoncore/threathunt
crimsoncore/BadBlood
BadBlood by Secframe fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is run on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
crimsoncore/docker_elastalert
custom built docker on Ubuntu 16.04 with elastalert
crimsoncore/docker_mdbook
crimsoncore/jupyter_threathunt
Jupyter notebook to deploy terraform_threathunt and ansible_threathunt
crimsoncore/threathunt_student
threathunt repo for students
crimsoncore/Cortex
Cortex: a Powerful Observable Analysis and Active Response Engine
crimsoncore/mdBook
Create book from markdown files. Like Gitbook but implemented in Rust
crimsoncore/DefenderCheck
Identifies the bytes that Microsoft Defender flags on.
crimsoncore/dfir
crimsoncore/DNSExfiltrator
Data exfiltration over DNS request covert channel
crimsoncore/docker-guacamole
crimsoncore/docker_auditbeat
auditbeat docker
crimsoncore/docker_coder
jumphost with coder and ansible
crimsoncore/docker_filebeat
filebeat 7.4.2 in docker
crimsoncore/docker_kali
crimsoncore/docker_metasploit
crimsoncore/Invoke-Obfuscation
PowerShell Obfuscator
crimsoncore/PEzor
Open-Source PE Packer
crimsoncore/PSGumshoe
crimsoncore/PyFuscation
Obfuscate powershell scripts by replacing Function names, Variables and Parameters.
crimsoncore/SharpRDP
Remote Desktop Protocol .NET Console Application for Authenticated Command Execution
crimsoncore/sigma
Generic Signature Format for SIEM Systems
crimsoncore/silenttrinityteam
crimsoncore/sRDI
Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
crimsoncore/updog
Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use http basic auth.
crimsoncore/windapsearch
Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
crimsoncore/windows-event-forwarding
A repository for using windows event forwarding for incident detection and response
crimsoncore/zeek
zeek 3.0.0.