olympiador's Stars
atc-project/atomic-threat-coverage
Actionable analytics designed to combat threats
ion-storm/sysmon-config
Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.
olafhartong/sysmon-modular
A repository of sysmon configuration modules
mitre-attack/attack-scripts
Scripts and a (future) library to improve users' interactions with the ATT&CK content
mitre-attack/attack-evals
ATT&CK Evaluations website (DEPRECATED)
mitre-attack/attack-website
MITRE ATT&CK Website
Velocidex/velociraptor
Digging Deeper....
OWASP/owasp-masvs
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
seajaysec/cypheroth
Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.
areyou1or0/OSCP
OSCP
OWASP/owasp-mastg
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
disposable-email-domains/disposable-email-domains
a list of disposable and temporary email address domains
initstring/linkedin2username
OSINT Tool: Generate username lists for companies on LinkedIn
eth0izzle/the-endorser
An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills.
defenxor/dsiem
Security event correlation engine for ELK stack
mullvad/mullvadvpn-app
The Mullvad VPN client app for desktop and mobile
allegro/ralph
Ralph is the CMDB / Asset Management system for data center and back office hardware.
CboeSecurity/password_pwncheck
Kerberos / Windows AD / Linux PAM password change check against breached lists (HIBP), and other rules
juliocesarfort/public-pentesting-reports
A list of public penetration test reports published by several consulting firms and academic security groups.
OWASP/glue
Application Security Automation
jaeles-project/jaeles
The Swiss Army knife for automated Web Application Testing
lithnet/ad-password-protection
Active Directory password filter featuring breached password checking and custom complexity rules
s0md3v/XSStrike
Most advanced XSS scanner.
samduy/SVNDigger
List of files and directories for brute-forcing web applications
d0nkeys/redteam
Red Team Scripts by d0nkeys (ex SnadoTeam)
federicodotta/Java-Deserialization-Scanner
All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
joaomatosf/jexboss
JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
FSecureLABS/wePWNise
WePWNise generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
FSecureLABS/Athena
GUI Tool to generate threat intelligence information in various formats
WithSecureLabs/drozer
The Leading Security Assessment Framework for Android.