federico22285

federico22285's Stars

• sbasu7241/Elastic-Case-Writeup

  Writeup for Elastic-Case - CyberDefenders

  8

• IBM/qradar-sample-apps

  QRadar Sample Apps for use with V2 of the QRadar App Framework

  Language:Python2224

• bigb0sss/RedTeam-OffensiveSecurity

  Tools & Interesting Things for RedTeam Ops

  Language:Python2.1k362

• alwashali/Qradar-Offenses-Jupyter-Notebook

  Analyze Qradar Offense Using Jupyter Notebook

  Language:Jupyter Notebook3

• BishopFox/sliver

  Adversary Emulation Framework

  Language:Go8.6k1.1k

• ayoubfaouzi/al-khaser

  Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

  Language:C++5.9k1.2k

• xforcered/InlineExecute-Assembly

  InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module

  18429

• lukebuehler/CShell

  A simple, yet powerful, C# scripting IDE and REPL

  Language:C#70397

• threatexpress/random_c2_profile

  Cobalt Strike random C2 Profile generator

  Language:Python62786

• microsoft/SysmonForLinux

  Sysmon for Linux

  Language:C1.8k187

• MythicAgents/hermes

  Swift 5 macOS agent

  Language:Swift9915

• olafhartong/sysmon-modular

  A repository of sysmon configuration modules

  Language:PowerShell2.7k592

• davidprowe/BadBlood

  BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.

  Language:PowerShell2.1k274

• OTRF/ATTACK-Python-Client

  Python Script to access ATT&CK content available in STIX via a public TAXII server

  Language:Python557114

• cea-sec/miasm

  Reverse engineering framework in Python

  Language:Python3.5k474

• rsc-dev/pypi_malware

  PyPI malware packages

  Language:Python587

• prjpet/virtuaplant

  VirtuaPlant is a Industrial Control Systems simulator which adds a “similar to real-world control logic” to the basic “read/write tags” feature of most PLC simulators.

  Language:Python86

• bohops/UltimateWDACBypassList

  A centralized resource for previously documented WDAC bypass techniques

  48569

• donarmature/demisto-content

  Language:Python82

• OISF/suricata-verify

  Suricata Verification Tests - Testing Suricata Output

  Language:Python10290

• tomer8007/chromium-ipc-sniffer

  A tool to capture communication between Chromium processes on Windows

  Language:Lua37258

• RfidResearchGroup/proxmark3

  Iceman Fork - Proxmark3

  Language:C4.1k1.1k

• dstotijn/hetty

  An HTTP toolkit for security research.

  Language:Go6.1k352

• ioncodes/CVE-2020-16938

  Bypassing NTFS permissions to read any files as unprivileged user.

  Language:C++18740

• rasta-mouse/TikiTorch

  Process Injection

  Language:C#752139

• dtrizna/DotNetInject

  Code samples of .NET shellcode injections, weaponized for use via WebDav and mshta.exe.

  Language:C#399

• ahussam/url-tracker

  Change monitoring app that checks the content of web pages in different periods.

  Language:JavaScript34157

• sbousseaden/EVTX-ATTACK-SAMPLES

  Windows Events Attack Samples

  Language:HTML2.3k400