cyb3rpnk's Stars
SpecterOps/BloodHound-Legacy
Six Degrees of Domain Admin
elceef/dnstwist
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
0x4D31/awesome-threat-detection
✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️
JPCERTCC/LogonTracer
Investigate malicious Windows logon by visualizing and analyzing Windows event log
ly4k/Certipy
Tool for Active Directory Certificate Services enumeration and abuse
Cloud-Architekt/AzureAD-Attack-Defense
This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.
NetSPI/MicroBurst
A collection of scripts for assessing Microsoft Azure security
dirkjanm/ROADtools
A collection of Azure AD/Entra tools for offensive and defensive security purposes
cisagov/ScubaGear
Automation to assess the state of your M365 tenant against CISA's baselines
lkarlslund/Adalanche
Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commercial versions available from NetSection)
sense-of-security/ADRecon
ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
netero1010/EDRSilencer
A tool that uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
CravateRouge/bloodyAD
BloodyAD is an Active Directory Privilege Escalation Framework
SpecterOps/BloodHound
Six Degrees of Domain Admin
lkarlslund/ldapnomnom
Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers by (ab)using LDAP Ping requests (cLDAP)
0xthirteen/SharpRDP
Remote Desktop Protocol .NET Console Application for Authenticated Command Execution
FalconForceTeam/SOAPHound
SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.
garrettfoster13/sccmhunter
Bert-JanP/Incident-Response-Powershell
PowerShell Digital Forensics & Incident Response Scripts.
nettitude/SharpWSUS
vm32/Linux-Incident-Response
Practical toolkit for cybersecurity and IT professionals. It features a detailed Linux cheatsheet for incident response
MarkoH17/Spray365
Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to bypass Azure Smart Lockout and insecure conditional access policies.
CyberCX-STA/PurpleOps
An open-source self-hosted purple team management web application.
ANSSI-FR/DFIR4vSphere
PowerShell module for VMware vSphere forensics
hackerhouse-opensource/WMIProcessWatcher
A CIA tradecraft technique to asynchronously detect when a process is created using WMI.
wh0amitz/SharpRODC
To audit the security of read-only domain controllers
olafhartong/DefenderHarvester
Expose a lot of MDE telemetry that is not easily accessible in any searchable form
LearningKijo/ResearchDev
ResearchDev - XDR & SIEM Detection
Neo23x0/Talks
Slides of my public talks
Visorian/PSMDE
Microsoft Defender for Endpoint PowerShell module