dmore
Cybersecurity Architect | Forking Great People tools | Always thankful to God
Available | Barcelona
Pinned Repositories
b3acon-mail-based-C2-via-ICMP-IMAP-SMTP-runs-powershell-commands-drafts-HTML-script-generator
b3acon - a mail-based C2 that communicates via an in-memory C# IMAP client dynamically compiled in memory using PowerShell.
GoldenDMSA-red-golden-ticket-attack-delegated-managed-service-account
This tool exploits Golden DMSA attack against delegated Managed Service Accounts.
Infiltra-Firmware-red-wifi-hardware-hacking-security-testing-emulator
Infiltra Firmware is an open-source firmware for wireless security testing, network analysis, and hardware hacking. FLASH IT BELOW USING OUR WEB FLASHER!
NativeBypassCredGuard-lsass-red-bypass-patch-wdigest-dll
Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
OUned-red-DACL-abuse-via-manipulating-Gplink-attack-exploit-AD-OU-units-defcon33
The OUned AD Org Units ACL exploitation through gPLink poisoning
plaguards-blue-deobfuscator-powershell
Plaguards: Open Source PowerShell Deobfuscation and IOC Detection Engine for Blue Teams. [Presented at Black Hat Asia 2025 Arsenal]
RamiGPT-red-privesc-pwn-root-accounts
Autonomous Privilege Escalation using OpenAI
rpcfirewall-blue-detection-block-filter-malicious-RPC-calls
Sakura-Rat-stealth-HVNC-AV-EDR-bypass-fileless-exec-no-tracing-data-exfil-auto
HVNC malware and RAT tools like Sakura provide remote access to Windows systems. These tools, including batch RATs and HVNC source code, enable stealthy remote control, often used for malicious purposes like data theft or system exploitation.
TeamFiltration-red-ad-enum-attack-backdoor-o365-aad
TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts
dmore's Repositories
dmore/COM-Fuzzer-red-find-vulnerable-D-COM-clsid
Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By following this approach, a security researcher will hopefully identify interesting (D)COM classes/implementations in significantly less time than a manual approach would take.
dmore/Ebyte-Syscalls-red-obfuscating-function-calls-vectored-exception-redirection-byte-swap
Obfuscating function calls using Vectored Exception Handlers by redirecting execution through exception-based control flow. Uses byte swapping without memory or assembly allocation.
dmore/OUned-red-DACL-abuse-via-manipulating-Gplink-attack-exploit-AD-OU-units-defcon33
The OUned AD Org Units ACL exploitation through gPLink poisoning
dmore/aced-red-parse-single-principal-DACL-inbound-access-and-SIDS
dmore/ADACLScanner-red-AD-ACL-object-rights-enum-viewer
Repo for ADACLScan.ps1 - Your number one script for ACLs in Active Directory
dmore/bloodyAD-red-PrivEsc-Framework
BloodyAD is an Active Directory Privilege Escalation Framework
dmore/BOF_Spawn-CS-red-process-spawning-and-shellcode-injection-Draugr-stack-spoofing
Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames
dmore/Detecting-Indirect-Syscalls-blue-monitor-and-detect-windows_security
Detection of indirect syscall techniques using hardware breakpoints and vectored exception handling.
dmore/EDR-Freeze-red-antimalware-processes-to-comma-state-exploits-WerFaultSecure-vector-driverless
EDR-Freeze is a tool that puts an EDR or antimalware process into a coma state.
dmore/EDR-Redir-red-redirect-EDR-folder-elsewhere
EDR-Redir: a tool used to redirect the EDR's folder to another location.
dmore/EntraGoat-red-blue-pentest-deliberate-vuln-EntraID-env
A deliberately vulnerable Microsoft Entra ID environment. Learn identity security through hands-on, realistic attack challenges.
dmore/evilwaf-red-pentest-detect-and-bypass-WAF
evilwaf is a penetration testing tool designed to detect and bypass common Web Application Firewalls (WAFs).
dmore/GPOZaurr-recon-and-harden-powershell
Group Policy Eater is a PowerShell module that aims to gather information about Group Policies but also allows fixing issues that you may find in them.
dmore/Group3r-blue-AD-group-policy-find-vulns
Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did.
dmore/GroupPolicyBackdoor-recon-manipulation-explotation-priv-esc
Group Policy Objects manipulation and exploitation framework
dmore/Home-Grown-Red-Team
Home-Grown-Red-Team
dmore/InternalAllTheThings-Red
Active Directory and Internal Pentest Cheatsheets
dmore/ironfish-latest
A novel cryptocurrency focused on privacy and accessibility.
dmore/KrbRelayEx-red-kerberos-Fake-RPC-DCOM-MiTM-Server
dmore/MS-RPC-Fuzzer-beware-will-break-os-red
Gain insights into MS-RPC implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By following this approach, a security researcher will hopefully identify interesting RPC services in significantly less time than a manual approach would take.
dmore/NetworkHound-red-AD-comprehensive-network-topology-analizer-with-SMB-validat-NTLM-krb-find-DCs
Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑compatible OpenGraph JSON.
dmore/PingOneHound-red-ident-analyse-execute-attack-paths-audit-RBAC-funcionality-and-misconfigs
Six Degrees of Organization Admin
dmore/printerbugnew-red-exploit-CVE-2025-54918-DCs-running-2025-allow-reflection-RPC-LDAPS
The DCERPC only printerbug.py version
dmore/retina-blue-k8s-network-observability-hub-security-compliance-network-health-ebfp-cloud-agnostic
eBPF distributed networking observability tool for Kubernetes
dmore/sigma-blue-siem-rules
Main Sigma Rule Repository
dmore/SilentButDeadly-red-block-cloudconnectivity-EDR-netw-comms-with-WFP
SilentButDeadly is a network communication blocker specifically designed to neutralize EDR/AV software by preventing their cloud connectivity using Windows Filtering Platform (WFP). This version focuses solely on network isolation without process termination.
dmore/SockTail-red-joins-a-device-to-a-Tailscale-network-and-exposes-a-local-SOCKS5-prox
Lightweight binary that joins a device to a Tailscale network and exposes a local SOCKS5 proxy. Designed for red team operations and ephemeral access into restricted environments using Tailscale’s embedded client (tsnet). Zero config, no daemon, no persistence - just a fast way in.
dmore/systeminformer-red-blue-monitor-sys-processes
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com
dmore/Timeroast-red-ad-netexec-ntp-hashes-for-hashcat
Timeroasting scripts by Tom Tervoort
dmore/trivy-tfsec-vulnerability-misconfig-secret-sbom-containers-k8s
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more