mopaw's Stars
trustedsec/unicorn
Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory. Based on Matthew Graeber's PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
iagox86/dnscat2
RhinoSecurityLabs/cloudgoat
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
activecm/rita
Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
mattnotmax/cyberchef-recipes
A list of cyber-chef recipes and curated links
m57/dnsteal
DNS Exfiltration tool for stealthily sending files over DNS requests.
ipinfo/cli
Official Command Line Interface for the IPinfo API (IP geolocation and other types of IP data)
philhagen/sof-elk
Configuration files for the SOF-ELK VM
jstrosch/malware-samples
Malware samples, analysis exercises and other interesting resources.
hakluke/hakrevdns
Small, fast tool for performing reverse DNS lookups en masse.
tsale/EDR-Telemetry
This project aims to compare and evaluate the telemetry of various EDR products.
Gerenios/AADInternals
AADInternals PowerShell module for administering Azure AD and Office 365
megadose/OnionSearch
OnionSearch is a script that scrapes URLs on different .onion search engines.
netevert/sentinel-attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Arno0x/DNSExfiltrator
Data exfiltration over DNS request covert channel
3lp4tr0n/BeaconHunter
Detect and respond to Cobalt Strike beacons using ETW.
mandiant/iocs
FireEye Publicly Shared Indicators of Compromise (IOCs)
evild3ad/MemProcFS-Analyzer
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
lukebaggett/dnscat2-powershell
A PowerShell client for dnscat2, an encrypted DNS command and control tool.
CrowdStrike/falconpy
The CrowdStrike Falcon SDK for Python
Josue87/EmailFinder
Search emails from a domain through search engines
ANSSI-FR/DFIR-O365RC
PowerShell module for Office 365 and Azure log collection
nebulous/infinitude
Open control of Carrier/Bryant thermostats
trickest/dsieve
Filter and enrich a list of subdomains by level
zeek/zeek-agent
This project is no longer maintained. There's a successor at https://github.com/zeek/zeek-agent-v2
krmaxwell/dns-exfiltration
Exfiltrate files via DNS
center-for-threat-informed-defense/public-resources
Collection of resources related to the Center for Threat-Informed Defense
likescam/CyberMonitor-APT_CyberCriminal_Campagin_Collections
swarmframework/swarm
SWARM Framework
websecurify/go-camouflage